| 1 |
On Saturday 14 November 2009 23:49:23 Richard Marza wrote: |
| 2 |
> I recently check my log files and discovered that there was a dictionary |
| 3 |
> attack attempt on my daemons. sshd and vsftpd were the primary targets. Is |
| 4 |
> there a script or tool to block the offending IP addresses using iptables. |
| 5 |
> Something that checks to see if a minimum of attempts has occured and |
| 6 |
> blocks them indefinitely based on that? |
| 7 |
|
| 8 |
|
| 9 |
There are HUNDREDS of such solutions out there. Did you even try to Google |
| 10 |
first? |
| 11 |
|
| 12 |
fail2ban & denyhosts are quite popular and get the job done. |
| 13 |
|
| 14 |
OSSEC is a full blown IDS that I use at work, it functions very well but is |
| 15 |
probably overkill for your needs. |
| 16 |
|
| 17 |
Last hint: You do NOT want to block hosts permanently. Your logs will empty |
| 18 |
sure enough, but sooner or later you will lock yourself out, or you will lock |
| 19 |
out people you really do want to access your services. |
| 20 |
|
| 21 |
-- |
| 22 |
alan dot mckinnon at gmail dot com |
Archives