List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
> Hey all,
> I'm looking for an app/script which can monitor for failed ssh logins,
> and block using IPTables for $time after $number of failed logins (an
> exclusion list would be handy as well) so that I can put a quick stop
> to these niggly brute-force ssh "attacks" I seem to be getting more and
> more often.
> Anyone have any ideas?
> Thanks, Jeremy B
It's a bad idea trying to automatically drop any $EVILATTEMPT imho,
because worst case scenario would be excluding valid users from
dynIP-ascends / dialup users. One could even try to DOS You by faking
source IPs etc.
A better strategy would be
1.) disabling root-access in sshd-conf and defining valid users. (General
2.) setting up a "bastion host" (preferably minimal installation, as
"naked" as "stripped down" could be). To minimize single point of failure
risks one could add / use some more hosts, preferably in different
3.) giving that host/those hosts exclusive access to sshd via hosts.access
while denying everbody else via hosts.deny.
No automatisms, plain simple, predictible - while "intransparent" enough
for the $EVILGUYS.
Andreas Waschbuesch, GAUniversity KG MA FNZ FK01
email@example.com mailing list