[lug] DOS ssh attacks
Alfred G. de Wijn
dwijn at iluvatar.org
Sat Jan 10 09:47:14 MST 2009
On Jan 10, 2009, at 9:04 AM, Rob Nagler wrote:
> Another question is: any tricks we can use to slow down requests to
> ssh so we don't get locked out?
A long while ago, I got fed up with these attacks. I found a program
called "authfail", and adapted it to block them in my firewall. It's
old, but it works for me. It listens on a log fifo, and updates the
firewall if some conditions are met. In my case, I block the IP if
there are more than 4 login attempts spaced less than 900 seconds
apart. Some IPs are whitelisted. Some users that should never log in
over ssh (e.g., bin, bind, ftp, mail, sshd) result in an immediate
block.
http://www.iluvatar.org/~dwijn/authfail
Cheers,
Alfred
--
Alfred G. de Wijn (dwijn at iluvatar.org)
web: http://www.iluvatar.org/~dwijn
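
The blocking policy described in the message above, as an added example (not authfail's code and not part of the original post). It assumes OpenSSH "Failed password" syslog lines, and reads "more than 4 attempts spaced less than 900 seconds apart" as a run of failures with each gap under 900 seconds. The whitelist entry, sample lines and function name are constructed for illustration.

```python
import re
from datetime import datetime

MAX_ATTEMPTS = 4        # block on "more than 4" attempts
WINDOW = 900            # seconds; a gap this long or longer restarts the count
WHITELIST = {"192.0.2.10"}                          # constructed address
NEVER_SSH = {"bin", "bind", "ftp", "mail", "sshd"}  # users named in the post

# Assumed log format. The user field is greedy and the pattern is anchored at
# end of line, so text inside a username cannot supply the address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>[0-9A-Fa-f:.]+) port \d+ ssh2$")

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [f"Jan 10 09:0{i}:00 host sshd[10{i}]: Failed password for root "
          f"from 203.0.113.5 port 400{i} ssh2" for i in range(5)] + [
    "Jan 10 09:06:00 host sshd[200]: Failed password for invalid user ftp "
    "from 198.51.100.7 port 4100 ssh2",
    "Jan 10 09:07:00 host sshd[201]: Failed password for invalid user ftp "
    "from 192.0.2.10 port 4200 ssh2",  # whitelisted, never blocked
]

def decide_blocks(lines, year=2009):
    """Return {ip: reason} for the addresses the policy would block."""
    state = {}    # ip -> (attempt count, time of last attempt)
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in WHITELIST or m["ip"] in blocked:
            continue
        # syslog timestamps omit the year, so one is supplied for parsing
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["user"] in NEVER_SSH:
            blocked[m["ip"]] = f"login as {m['user']}"   # immediate block
            continue
        count, last = state.get(m["ip"], (0, now))
        count = count + 1 if (now - last).total_seconds() < WINDOW else 1
        state[m["ip"]] = (count, now)
        if count > MAX_ATTEMPTS:
            blocked[m["ip"]] = f"{count} attempts"
    return blocked

if __name__ == "__main__":
    for ip, reason in decide_blocks(SAMPLE).items():
        print(ip, reason)
```

The returned addresses are what a tool of this kind would then hand to the firewall update step.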