Re: SSH Cracking Attempts
From: Nicolas (ripley_at_8d.com)
Date: 09/29/04
- Previous message: Alan Chin: "Re: The singer Teresa Teng information (¾HÄR§g)"
- In reply to: Jacob S: "SSH Cracking Attempts"
- Next in thread: Jacob S: "Re: SSH Cracking Attempts"
- Reply: Jacob S: "Re: SSH Cracking Attempts"
- Reply: Glyn Teb***: "Re: SSH Cracking Attempts"
- Reply: Jamin W. Collins: "Re: SSH Cracking Attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: debian-user@lists.debian.org Date: Wed, 29 Sep 2004 16:10:58 -0400
> So, my question is this. Is there a way to tell ssh to refuse
> connections from an ip address after a certain number of failed login
> attempts, or is snort the only way to do something like this? So far
> I've been taking the manual approach, blocking the ip address with
> my firewall after I see it hitting the logs, but that can give them
> about an hour to play before I notice it (e-mailed to me by logcheck).
>
> Any suggestions?
If you dont have to much user who log in your server, you can allow only them
from specific IP to log in. Or you can disable the password facility and
only use keys (we do it this way at the job, It's also what I do at home).
Nic Cola
P.S.
Just for the fun of it, you can also tarpit the IP of the script kiddy ;o)
-- () ascii ribbon campaign - against html e-mail /\ - against microsoft attachments -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Alan Chin: "Re: The singer Teresa Teng information (¾HÄR§g)"
- In reply to: Jacob S: "SSH Cracking Attempts"
- Next in thread: Jacob S: "Re: SSH Cracking Attempts"
- Reply: Jacob S: "Re: SSH Cracking Attempts"
- Reply: Glyn Teb***: "Re: SSH Cracking Attempts"
- Reply: Jamin W. Collins: "Re: SSH Cracking Attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
