Full Disclosure mailing list archives
Re: SSH Bruteforce blocking script
From: Gerald Holl <gerald () holl co at>
Date: Sat, 03 Sep 2005 22:00:12 +0200
On 2005-09-02 09:37, Michael L Benjamin wrote:
Here is a simple script I've coded up that I use on 3 of my RedHat Enterprise Linux 3 (RHEL3) servers. I decided to do this after seeing the amount of activity from places like China/Korea/Taiwan in relation to SSH brute force probes. I'll throw it open here for analysis/suggestions. It leverages off the TCPWrappers /etc/hosts.deny /etc/hosts.allow functionality.
Hello, Nice script! Although I think it's a good way to list that brute force IPs in /etc/hosts.deny there is another good script that uses iptables to block the IPs: http://fail2ban.sourceforge.net/ It works with apache logfiles too. cheers, -- Gerald Holl http://holl.co.at _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script Alejandro Barrera (Sep 02)
- Re: SSH Bruteforce blocking script Christoph Moench-Tegeder (Sep 02)
- Re: SSH Bruteforce blocking script Gerald Holl (Sep 03)
- <Possible follow-ups>
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script Christoph Moench-Tegeder (Sep 02)
- Re: SSH Bruteforce blocking script Pedro Hugo (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script miah (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 04)
- Re: SSH Bruteforce blocking script miah (Sep 06)
- RE: SSH Bruteforce blocking script Ron DuFresne (Sep 06)
(Thread continues...)