| 1 |
Steve wrote: |
| 2 |
> I can't believe that I'm the only person with this, so it's probably |
| 3 |
> worth asking. |
| 4 |
> |
| 5 |
> I'm one of the (many) people who has opportunists trying usernames and |
| 6 |
> passwords against SSH... while every effort has been made to secure this |
| 7 |
> service by configuration; strong passwords; no root login remotely etc. |
| 8 |
> I would still prefer to block sites using obvious dictionary attacks |
| 9 |
> against me. |
| 10 |
> |
| 11 |
> I used to use DenyHosts - but that became annoying as it used rather a |
| 12 |
> lot of resources (and relied upon tcp wrappers... which, I'm informed |
| 13 |
> are somewhat old-fashioned) |
| 14 |
> |
| 15 |
> I migrated to try using iptables as my firewall and using blacklist.py - |
| 16 |
> which I got working after some minor config-tweaking. I'm aware that |
| 17 |
> there is configuration in the blacklist.py script for BLOCKING_PERIOD - |
| 18 |
> but what I really miss the "blocked forever" nature of the DenyHosts |
| 19 |
> alternative.... though I prefer every other aspect of the |
| 20 |
> iptables/blacklist.py approach. |
| 21 |
> |
| 22 |
> Has anyone else resolved this? As far as I'm concerned, once I detect |
| 23 |
> someone has attempted a brute force (which blaclist.py does |
| 24 |
> fantastically well) what I want is for no further communication to be |
| 25 |
> accepted from the IP address - even after I reboot etc. While I don't |
| 26 |
> know which sites I want to be accessible from in advance, I can be sure |
| 27 |
> none of them would launch a brute force attack against me. :-) |
| 28 |
> |
| 29 |
> Recommendations? |
| 30 |
|
| 31 |
If this is a personal or low-user connection, consider fwknop - single |
| 32 |
packet authorization port knocking. |
| 33 |
|
| 34 |
- works well for my home box |
| 35 |
- the port simply drops pings, connection attempts, etc. 'til "opened" |
| 36 |
- fwknop uses pcap to listen for authorization packets; when one comes |
| 37 |
through with the correct (encrypted) command, it'll send an iptables |
| 38 |
command to temporarily open the port for a designated period of time |
| 39 |
allowing you to connect. The encrypted packets include a time of day |
| 40 |
field to prevent replay attacks. |
| 41 |
|
| 42 |
|
| 43 |
http://www.cipherdyne.org/fwknop/download/ |
| 44 |
|
| 45 |
> |
| 46 |
> I'm looking for the neatest Gentoo way to do this... rather than |
| 47 |
> recommendations for how to write something to do what I want from |
| 48 |
> scratch... |
| 49 |
|
| 50 |
fwknop is not Gentoo; but compiles cleanly. |
| 51 |
|
| 52 |
HTH |
| 53 |
|
| 54 |
|
| 55 |
-- |
| 56 |
gentoo-user@l.g.o mailing list |
Archives