Full Disclosure mailing list archives
Re: SSH Bruteforce blocking script
From: "Pedro Hugo " <fractalg () highspeedweb net>
Date: Fri, 2 Sep 2005 05:53:04 -0400
Hi,
I don't want to debate the goodness or badness of the strategy of blocking hosts like this in /etc/hosts.deny. It works perfectly for me, and most likely would for you, so no religious debates thanks. It's effective at blocking bruteforce attacks. If a host EXCEEDS a specified number of guesses during the (configurable) 30 seconds it takes the script to cycle, the host is blacklisted.
Why are you doing this the wrong way ? You should whitelist hosts, instead blacklisting them. Unless you have administrative reasons for such decision, hosts.deny should be set to ALL:ALL, and you should allow specifically in hosts.allow. This way everything is dropped by default. Tcpwrappers should be configured the same way a firewall is, unless there is something against it. Even if you have customers who need remote access, adding a few ip's is much better than having open by default. Kind Regards, Pedro Hugo _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script Alejandro Barrera (Sep 02)
- Re: SSH Bruteforce blocking script Christoph Moench-Tegeder (Sep 02)
- Re: SSH Bruteforce blocking script Gerald Holl (Sep 03)
- <Possible follow-ups>
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script Christoph Moench-Tegeder (Sep 02)
- Re: SSH Bruteforce blocking script Pedro Hugo (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script miah (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 04)
- Re: SSH Bruteforce blocking script miah (Sep 06)
- RE: SSH Bruteforce blocking script Ron DuFresne (Sep 06)
- FW: SSH Bruteforce blocking script Michael L Benjamin (Sep 04)
- FW: SSH Bruteforce blocking script Michael L Benjamin (Sep 04)
- Re: FW: SSH Bruteforce blocking script Valdis . Kletnieks (Sep 04)