[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] SSH brute force blocking tool
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] SSH brute force blocking tool
- From: Anders B Jansson <hdw@xxxxxxxxxxx>
- Date: Tue, 28 Nov 2006 18:31:52 +0100
Just one possibly silly question.
Why are you working so hard to do this with complex scripts and stuff?
I just wrote a little C snippet that runs on the firewall.
All servers allowing external ssh send a copy of ssh auth to a port
on the firewall.
If it detects a brute force it adds the host to the block list and
everything from that host is silently dropped.
Added a whitelist function to avoid DOS attempts.
Works perfect, and adds community service by letting the trawlers
hang until they timeout.
--
// hdw
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/