List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Andreas Waschbuesch <awaschb@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Sun, 2 Oct 2005 23:57:14 +0200
You wrote:
> Hey all,
>
> I'm looking for an app/script which can monitor for failed ssh logins,
> and block using IPTables for $time after $number of failed logins (an
> exclusion list would be handy as well) so that I can put a quick stop
> to these niggly brute-force ssh "attacks" I seem to be getting more and
> more often.
>
> Anyone have any ideas?
>
> Thanks, Jeremy B

It's a bad idea trying to automatically drop any $EVILATTEMPT imho,
because worst case scenario would be excluding valid users from
dynIP-ascends / dialup users. One could even try to DoS you by faking
source IPs etc.

A better strategy would be

1.) disabling root-access in sshd-conf and defining valid users. (General
advice.)

2.) setting up a "bastion host" (preferably minimal installation, as 
"naked" as "stripped down" could be). To minimize single point of failure 
risks one could add / use some more hosts, preferably in different 
subnets.

3.) giving that host/those hosts exclusive access to sshd via hosts.access
while denying everybody else via hosts.deny.

No automatisms, plain simple, predictable - while "intransparent" enough
for the $EVILGUYS.

-- 
Andreas Waschbuesch, GAUniversity KG MA FNZ FK01
eMail: awaschb@...

-- 
gentoo-security@g.o mailing list
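
An added example, not part of the original message: a small Python audit of the three settings the reply lists (root login disabled, a valid-user list, sshd limited to the bastion through tcp-wrappers). It assumes the usual file names /etc/hosts.allow and /etc/hosts.deny; the sample file contents, the user names and the address 192.0.2.10 are constructed.

```python
def sshd_settings(text):
    """Global sshd_config keywords, lower-cased; sshd keeps the first value."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":   # later lines are conditional
            break
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def wrapper_rules(text, daemon="sshd"):
    """Client lists of hosts.allow / hosts.deny rules that apply to daemon.
    Assumption: IPv4 or hostname patterns only (no bracketed IPv6)."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if line.strip().startswith("#") or len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        if daemon in daemons or "ALL" in daemons:
            rules.append(fields[1].replace(",", " ").split())
    return rules

def audit(sshd_config, hosts_allow, hosts_deny):
    """Return findings; an empty list means all three steps are in place."""
    findings = []
    cfg = sshd_settings(sshd_config)
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("root login not disabled")
    if "allowusers" not in cfg:
        findings.append("no AllowUsers list")
    allowed = wrapper_rules(hosts_allow)
    if not allowed:
        findings.append("hosts.allow names no bastion for sshd")
    elif any("ALL" in clients for clients in allowed):
        findings.append("hosts.allow opens sshd to ALL")
    if not any("ALL" in c for c in wrapper_rules(hosts_deny)):
        findings.append("hosts.deny does not deny sshd to everybody else")
    return findings

# Constructed samples; 192.0.2.10 stands in for the bastion host.
WEAK_SSHD = "Port 22\nPermitRootLogin yes\n"
HARD_SSHD = "Port 22\nPermitRootLogin no\nAllowUsers alice bob\n"
HARD_ALLOW = "sshd: 192.0.2.10\n"
HARD_DENY = "sshd: ALL\n"
if __name__ == "__main__":
    print(audit(WEAK_SSHD, "", ""), audit(HARD_SSHD, HARD_ALLOW, HARD_DENY))
```

OpenSSH 6.7 and later no longer link against libwrap, so on those versions the hosts.allow/hosts.deny part only affects sshd if the distribution patches tcp-wrappers support back in.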


References:
[OT?] automatically firewalling off IPs
-- Jeremy Brake


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.
