Re: [Full-disclosure] SSH Bruteforce blocking script
From: Gerald Holl (gerald holl.co.at)
Date: Sat Sep 03 2005 - 15:00:12 CDT
On 2005-09-02 09:37, Michael L Benjamin wrote:
> Here is a simple script I've coded up that I use on 3 of my RedHat
> Enterprise Linux 3 (RHEL3) servers. I decided to do this after seeing the
> amount of activity from places like China/Korea/Taiwan in relation to
> SSH brute force probes. I'll throw it open here for
> analysis/suggestions. It leverages off the TCPWrappers
> /etc/hosts.deny /etc/hosts.allow functionality.
Hello,
Nice script!
Although I think it's a good way to list those brute force IPs in
/etc/hosts.deny, there is another good script that uses iptables to block
the IPs:
http://fail2ban.sourceforge.net/
It works with Apache logfiles too.
cheers,
--
Gerald Holl
http://holl.co.at
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
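
The hosts.deny approach discussed in this thread, as an added example: it is not Michael Benjamin's script (which is not reproduced on this page) and not fail2ban code. The function names, the threshold, the allowlist and the IPv4-only restriction are assumptions, as is the sshd "Failed password ... from <ip> port <n> ssh2" log format; the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# The user name is chosen by the client, so match only the trailing
# "from <ip> port <n> ssh2" that sshd appends itself (greedy .* plus $).
# Covers "invalid user" and the older "illegal user" wording alike.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(log_lines, threshold=3, allow=()):
    """Return IPv4 sources with at least `threshold` failed sshd logins."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in log_lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # not a literal IPv4 address: never written to hosts.deny
        if not any(ip in net for net in allowed):
            hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def deny_entries(ips, hosts_deny_text=""):
    """Format TCP Wrappers lines for IPs not already denied for sshd."""
    present = set()
    for line in hosts_deny_text.splitlines():
        daemon, sep, clients = line.partition(":")
        if sep and daemon.strip() == "sshd":  # commented-out lines do not match
            present.update(clients.replace(",", " ").split())
    return [f"sshd: {ip}" for ip in ips if ip not in present]

# Constructed sample input (documentation address ranges), not real log data.
SAMPLE_LOG = """\
Sep  2 09:01:11 host sshd[2101]: Failed password for root from 198.51.100.7 port 40001 ssh2
Sep  2 09:01:13 host sshd[2102]: Failed password for illegal user test from 198.51.100.7 port 40002 ssh2
Sep  2 09:01:15 host sshd[2103]: Failed password for invalid user x from 192.0.2.50 port 22 ssh2 from 198.51.100.7 port 40003 ssh2
Sep  2 09:02:00 host sshd[2104]: Failed password for admin from 203.0.113.9 port 51000 ssh2
Sep  2 09:03:00 host sshd[2105]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
""".splitlines()

if __name__ == "__main__":
    bad = offenders(SAMPLE_LOG, threshold=3, allow=["192.0.2.0/24"])
    print("\n".join(deny_entries(bad, "sshd: 203.0.113.200\n")))
```

The third sample line carries a user name that itself contains an address; because the pattern is anchored at the end of the line, that failure is counted against 198.51.100.7 and 192.0.2.50 is never listed.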