Distributed brute force ssh attacks
Posted Oct 23, 2009 22:24 UTC (Fri) by dododge
In reply to: Distributed brute force ssh attacks
Parent article: Distributed brute force ssh attacks
One way I've seen this done in a corporate environment is to have a web page that uses token-based authentication such as SecurID to identify you. If you pass that, it immediately updates the firewall to allow your IP to access the other servers such as mail, ssh, etc. (which all normally require their own authentication as well). The firewall rule then auto-expires if your IP goes idle for too long.
to post comments)