Version 0.5 of BlockSSHD is out with a bug fix.
"BlockSSHD protects computers from SSH brute force attacks by dynamically
blocking IP addresses by adding iptables rules."
BlockSSHD version 0.5 released (SourceForge)
Posted Jul 20, 2006 10:00 UTC (Thu) by nix (subscriber, #2304)
Alternatively you could protect them from SSH brute force attacks by allowing only challenge-response authentication and disabling password authentication on machines exposed to the Internet.
Automatically updating iptables like this is tantamount to handing attackers a way to get your system to block anything they like, on command. Helpful for DoS attacks...
BlockSSHD version 0.5 released (SourceForge)
Posted Jul 20, 2006 14:50 UTC (Thu) by fm2503 (guest, #2776)
Still it can get annoying even if you don't have password authentication turned on. iptables can do this quite neatly without the need to monitor logfiles. I use:
#!/bin/sh
iptables -A INPUT -m tcp -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s My.local.Lan.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s Trusted.Internet.Machine --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j LOG --log-prefix SSHBRUTE
iptables -A INPUT -m tcp -p tcp --dport 22 -j DROP
DenyHosts
Posted Jul 20, 2006 18:41 UTC (Thu) by pcharlan (guest, #29128)
I haven't used BlockSSHD, but we have deployed DenyHosts on a few machines and it appears to work well. It's a Python script that adds to /etc/hosts.deny when it notices N unsuccessful attempts to log into your machine.
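The "N unsuccessful attempts" approach described in the comment above, as an added example that is not DenyHosts' or BlockSSHD's code and not part of the original thread. It counts failed logins per source address and never lists allowlisted networks, so trusted hosts cannot be locked out. The function names, the allowlist parameter and the sample log lines are constructed for illustration, assuming the usual OpenSSH syslog message format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog format (not real log data).
SAMPLE_LOG = """\
Jul 20 10:00:01 host sshd[411]: Failed password for root from 203.0.113.7 port 4101 ssh2
Jul 20 10:00:03 host sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Jul 20 10:00:05 host sshd[413]: Failed password for root from 203.0.113.7 port 4103 ssh2
Jul 20 10:00:09 host sshd[414]: Failed password for alice from 192.0.2.10 port 5000 ssh2
Jul 20 10:00:12 host sshd[415]: Accepted publickey for alice from 192.0.2.10 port 5001 ssh2
Jul 20 10:00:15 host sshd[416]: Failed password for bob from 198.51.100.4 port 6000 ssh2
Jul 20 10:00:16 host sshd[417]: Failed password for bob from 198.51.100.4 port 6001 ssh2
Jul 20 10:00:17 host sshd[418]: Failed password for bob from 198.51.100.4 port 6002 ssh2
"""

# The address is read from the end of the line, the position sshd writes it in,
# rather than from the first "from" that appears in the message.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$"
)


def hosts_to_deny(log_text, threshold, allow=()):
    """Return sorted sources with >= threshold failures, skipping allowlisted nets."""
    nets = [ipaddress.ip_network(n) for n in allow]
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal; never turn unparsed text into a rule
        if any(addr in net for net in nets):
            continue  # trusted sources are never counted or blocked
        failures[addr] += 1
    return sorted(str(a) for a, n in failures.items() if n >= threshold)


def hosts_deny_lines(addresses):
    """Format addresses as tcp_wrappers hosts.deny entries for the sshd service."""
    return [f"sshd: {a}" for a in addresses]


if __name__ == "__main__":
    blocked = hosts_to_deny(SAMPLE_LOG, threshold=3, allow=["198.51.100.0/24"])
    print("\n".join(hosts_deny_lines(blocked)))
```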