|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] SSH brute force blocking tool
From: Anders B Jansson (hdw
kallisti.se)
Date: Tue Nov 28 2006 - 11:31:52 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Just one possibly silly question.
Why are you working so hard to do this with complex scripts and stuff?
I just wrote a little C snippet that runs on the firewall.
All servers allowing external ssh send a copy of ssh auth to a port
on the firewall.
If it detects a brute force it adds the host to the block list and
everything from that host is silently dropped.
Added a whitelist function to avoid DOS attempts.
Works perfect, and adds community service by letting the trawlers
hang until they timeout.
--
// hdw
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]