I can't believe that I'm the only person with this, so it's probably
worth asking.

I'm one of the (many) people who has opportunists trying usernames and
passwords against SSH... while every effort has been made to secure this
service by configuration; strong passwords; no root login remotely etc.
I would still prefer to block sites using obvious dictionary attacks
against me.

I used to use DenyHosts - but that became annoying as it used rather a
lot of resources (and relied upon tcp wrappers... which, I'm informed
are somewhat old-fashioned)

I migrated to try using iptables as my firewall and using blacklist.py -
which I got working after some minor config-tweaking. I'm aware that
there is configuration in the blacklist.py script for BLOCKING_PERIOD -
but what I really miss is the "blocked forever" nature of the DenyHosts
alternative.... though I prefer every other aspect of the
iptables/blacklist.py approach.

Has anyone else resolved this? As far as I'm concerned, once I detect
someone has attempted a brute force (which blacklist.py does
fantastically well) what I want is for no further communication to be
accepted from the IP address - even after I reboot etc. While I don't
know which sites I want to be accessible from in advance, I can be sure
none of them would launch a brute force attack against me. :-)

Recommendations?

I'm looking for the neatest Gentoo way to do this... rather than
recommendations for how to write something to do what I want from scratch...

Steve

--
gentoo-user@l.g.o mailing list