Brute-Force SSH Server Attacks Surge -- InformationWeek
Derek Atkins
warlord at MIT.EDU
Thu May 15 10:20:29 EDT 2008
"Thomas Charron" <twaffle at gmail.com> writes:
> sshguard is a nice tool. It monitors syslog and automatically adds
> iptables rules to drop packets from the source of an arbitrary number
> of incorrect logins.
>
> http://sshguard.sourceforge.net/
>
> Note, many of the installers don't set some things up, and require
> manual configuration. See:
>
> http://sshguard.sourceforge.net/doc/setup/setup.html
>
> Specifically, the section in
> http://sshguard.sourceforge.net/doc/setup/blockingiptables.html as
> they show the commands, but at least the Ubuntu package doesn't
> actually add those rules to any of the rc startup files. :-D
I use swatch for this. I wrote a set of swatch scripts that
automatically block IP addresses after the first failed login.
Works great! (except when real users forget their username and
try to log in with another username)
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
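
The trade-off raised in this thread, blocking a source after its first failed login versus after several, shown as an added example (not code from sshguard, swatch, or either poster). The log lines are constructed, and the function names, the thresholds and the formatted iptables rule are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sshd syslog lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
May 15 10:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
May 15 10:01:04 host sshd[2103]: Failed password for root from 203.0.113.5 port 40114 ssh2
May 15 10:01:07 host sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
May 15 10:01:09 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 40122 ssh2
May 15 10:03:30 host sshd[2150]: Failed password for invalid user alicee from 198.51.100.7 port 51800 ssh2
May 15 10:03:41 host sshd[2152]: Accepted password for alice from 198.51.100.7 port 51802 ssh2
"""

# Anchored at end of line so the address is always the one sshd appended,
# whatever the (remote-chosen) user name contains.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)


def sources_to_block(log_text, threshold, allowlist=()):
    """Return source IPs with >= threshold failed logins, in first-seen order."""
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match and match.group(1) not in allowlist:
            failures[match.group(1)] += 1
    return [ip for ip, count in failures.items() if count >= threshold]


def drop_rule(ip):
    """Format (not run) the iptables rule a blocker would add for this source."""
    return f"iptables -A INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    for threshold in (1, 4):
        blocked = sources_to_block(SAMPLE_LOG, threshold)
        print(f"threshold={threshold}: {blocked}")
        for ip in blocked:
            print("  " + drop_rule(ip))
```

With a threshold of 1 the source at 198.51.100.7, a user who mistyped a username once before logging in, is blocked along with the scanning source; with a threshold of 4 only the scanning source is.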