[Gllug] ssh brute force attacks

David Damerell damerell at chiark.greenend.org.uk
Thu Dec 11 17:45:51 UTC 2008


On Monday, 8 Dec 2008, Alain Williams wrote:
>Distributed ssh brute force attacks are on the rise, according to el reg:
>	http://www.theregister.co.uk/2008/12/08/brute_force_ssh_attack/
>I use an iptables blocker (max 3 attempts in 3 minutes) that would be
>defeated by this. 

No-one else said it, so "denyhosts". Package in Debian, maybe in other
distros, not hard to compile.

Denyhosts can block hosts that fail so many login attempts over any
length of time, but also reset the count for hosts that manage a
successful login - so you won't suddenly filter yourself out because
you fatfingered your username six times in the last year.

The botnet isn't infinite in size; I see the same IP addresses coming
round repeatedly.

-- 
David Damerell <damerell at chiark.greenend.org.uk> flcl?
Today is Epithumia, December - a weekend.
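
Added example, not part of the original message and not DenyHosts' own code: a Python sketch comparing the windowed blocker from the quoted message (3 failures in 3 minutes) with the policy described in the reply (failures counted over any length of time, reset on a successful login). The log lines are constructed with simplified timestamps, and the cumulative limit of 5 is an assumed value.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

EVENT = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for "
                   r"(?:invalid user )?\S+ from (\S+) port \d+")

def parse(log):
    """Return sorted (timestamp, ip, success) tuples for sshd password events."""
    hits = filter(None, map(EVENT.match, log.splitlines()))
    return sorted((datetime.fromisoformat(m[1]), m[3], m[2] == "Accepted") for m in hits)

def rate_window_blocks(events, limit=3, window=timedelta(minutes=3)):
    """Windowed blocker: `limit` failures from one host inside `window`."""
    recent, blocked = defaultdict(deque), set()
    for ts, ip, ok in events:
        if not ok:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # forget failures older than the window
                q.popleft()
            if len(q) >= limit:
                blocked.add(ip)
    return blocked

def cumulative_blocks(events, limit=5, reset_on_success=True):
    """Count failures over any length of time; a good login resets the host."""
    fails, blocked = defaultdict(int), set()
    for _, ip, ok in events:
        if ok and reset_on_success:
            fails[ip] = 0
        elif not ok:
            fails[ip] += 1
            if fails[ip] >= limit:
                blocked.add(ip)
    return blocked

# Constructed sample log: documentation-range addresses, simplified timestamps.
T = "{} sshd[100]: {} password for {} from {} port 4000 ssh2"
BOT, USER = "192.0.2.10", "198.51.100.7"
SAMPLE_LOG = "\n".join(
    [T.format(f"2008-12-0{d}T04:00:00", "Failed", "invalid user admin", BOT) for d in range(1, 7)]
    + [T.format(f"2008-{m}-01T09:00:00", "Failed", "alice", USER) for m in ("03", "05", "07")]
    + [T.format("2008-07-01T09:01:00", "Accepted", "alice", USER)]
    + [T.format(f"2008-{m}-01T09:00:00", "Failed", "alice", USER) for m in ("09", "10", "11")]
)

if __name__ == "__main__":
    print(rate_window_blocks(parse(SAMPLE_LOG)), cumulative_blocks(parse(SAMPLE_LOG)))
```

The slow host never trips the 3-minute window but reaches the cumulative limit, while the user with six scattered failures and one good login in between stays unblocked unless `reset_on_success` is turned off.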