Gentoo Archives: gentoo-user

From: Justin <justin@×××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] SSH brute force attacks and blacklist.py
Date: Wed, 27 Feb 2008 19:07:54
Message-Id: 47C5B4F9.9060701@j-schmitz.net
In Reply to: [gentoo-user] SSH brute force attacks and blacklist.py by Steve
Steve wrote:
> I can't believe that I'm the only person with this, so it's probably
> worth asking.
>
> I'm one of the (many) people who has opportunists trying usernames and
> passwords against SSH... while every effort has been made to secure
> this service by configuration; strong passwords; no root login
> remotely etc. I would still prefer to block sites using obvious
> dictionary attacks against me.
>
> I used to use DenyHosts - but that became annoying as it used rather a
> lot of resources (and relied upon tcp wrappers... which, I'm informed
> are somewhat old-fashioned)
>
> I migrated to try using iptables as my firewall and using blacklist.py
> - which I got working after some minor config-tweaking. I'm aware
> that there is configuration in the blacklist.py script for
> BLOCKING_PERIOD - but what I really miss is the "blocked forever" nature
> of the DenyHosts alternative.... though I prefer every other aspect of
> the iptables/blacklist.py approach.
>
> Has anyone else resolved this? As far as I'm concerned, once I detect
> someone has attempted a brute force (which blacklist.py does
> fantastically well) what I want is for no further communication to be
> accepted from the IP address - even after I reboot etc. While I don't
> know which sites I want to be accessible from in advance, I can be
> sure none of them would launch a brute force attack against me. :-)
>
> Recommendations?
>
> I'm looking for the neatest Gentoo way to do this... rather than
> recommendations for how to write something to do what I want from
> scratch...
>
> Steve
>

Try fail2ban. I started as a newbie on iptables and I still am, because it
is very easy to configure and does its job perfectly.

http://gentoo-wiki.com/HOWTO_fail2ban
http://www.fail2ban.org/wiki/index.php/Main_Page
--
gentoo-user@l.g.o mailing list
