Re: SSH Cracking Attempts

From: Joe (joe_at_jretrading.com)
Date: 09/30/04

    Date: Thu, 30 Sep 2004 19:25:53 +0100
    To: debian-user@lists.debian.org
    
    

    In message <2JS0g-4nG-47@gated-at.bofh.it>, Jacob S
    <stormspotter@6Texans.net> writes
    >
    >So, my question is this. Is there a way to tell ssh to refuse
    >connections from an ip address after a certain number of failed login
    >attempts, or is snort the only way to do something like this? So far
    >I've been taking the manual approach, blocking the ip address with
    >my firewall after I see it hitting the logs, but that can give them
    >about an hour to play before I notice it (e-mailed to me by logcheck).
    >
    Nothing built-in, but you can automate what you do already. A cron job
    every five minutes using grep on your log file, issuing an iptables
    command...

    On the other hand, if he's already tried two or three times and failed
    to spot a criminally weak account/password pair, why bother blocking? I
    rarely seem to get more than two from the same IP in the same day. I
    haven't bothered checking all of them over the last three months.

    -- 
    Joe
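
The cron-plus-grep approach suggested in the reply above, written out as an added example (not code from the original message or its author). The threshold of 3, the /var/log/auth.log path, the "from ADDR port N ssh2" line ending, IPv4-only matching and the INPUT-chain DROP rule are all assumptions.

```shell
#!/bin/sh
# Added example: cron-driven blocker for repeated sshd password failures.
# THRESHOLD, the log path and the INPUT/DROP rule are assumptions.
THRESHOLD=${THRESHOLD:-3}
IPTABLES=${IPTABLES:-iptables}

# Constructed sample log lines (documentation addresses), used by the demo run.
sample_log() {
    cat <<'EOF'
Sep 30 18:01:02 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 30 18:01:05 host sshd[4103]: Failed password for illegal user test from 203.0.113.7 port 40120 ssh2
Sep 30 18:01:09 host sshd[4105]: Failed password for illegal user guest from 203.0.113.7 port 40131 ssh2
Sep 30 18:02:00 host sshd[4110]: Failed password for joe from 198.51.100.9 port 51000 ssh2
Sep 30 18:02:30 host sshd[4112]: Accepted password for joe from 198.51.100.9 port 51004 ssh2
EOF
}

# Read log lines on stdin; print every IPv4 source with >= THRESHOLD failures.
# The address is taken from its fixed place at the end of the line
# ("from ADDR port N ssh2"), so text in the attempted username is never
# mistaken for the source address.
offenders() {
    awk -v max="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password for / && NF > 4 &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= max) print ip }
    ' | sort
}

# Read addresses on stdin; insert one DROP rule for port 22 per address,
# skipping addresses that already have the rule (-C checks for it).
block() {
    while read -r ip; do
        "$IPTABLES" -C INPUT -s "$ip" -p tcp --dport 22 -j DROP 2>/dev/null ||
            "$IPTABLES" -I INPUT -s "$ip" -p tcp --dport 22 -j DROP
    done
}

if [ "${1:-}" = "--apply" ]; then
    offenders < "${2:-/var/log/auth.log}" | block   # needs root; run from cron
else
    sample_log | offenders                          # demo run on the sample
fi
```

Saved under a hypothetical path such as /usr/local/sbin/ssh-block, the crontab line `*/5 * * * * /usr/local/sbin/ssh-block --apply` gives the five-minute cadence from the reply. Re-reading the whole log on every run is safe because existing rules are skipped, but the rules never expire on their own.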