Honeypots mailing list archives
Re: Displaying SSH password attempts
From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Wed, 05 Jul 2006 11:52:44 -0400
why not just use port-knocking to allow iptables to grant access to port 22? http://www.cipherdyne.org/fwknop/ That way it's closed off to the whole world until you decide you want it open from a specific IP address. --Harry -- Harry Hoffman Integrated Portable Solutions, LLC 877.846.5927 ext 1000 http://www.ip-solutions.net/ Valdis.Kletnieks () vt edu wrote:
On Wed, 05 Jul 2006 16:48:02 +0200, Nikola said:When one of the servers detects 5 logins in a row from the same IP ADDRESS in given time it marks that IP and stores it in database...and when other hosts detect failed logins...they check database and if host is marked BAD the put it in IPTABLES -j DROP. With this approach I have ring of detect/protect system that guards from potential 31337 crackers ...... Whole idea is bigger than this...but i leave it to your imagination....because it's really easy to extend this idea to anything......In many cases, it's a lot easier to just use iptables or Windows IPSEC filtering to only allow packets from the 2 or 3 /16's of addresses that *should* be connecting, and just deny the others. Remember - estimates are from 1 to 10 million zombie boxes out there. Trying to ban them one by one is a losing proposition, they're being created faster than you can ban them.
Current thread:
- Displaying SSH password attempts Tom Doherty (Jul 05)
- Re: Displaying SSH password attempts Jeff Lake (Jul 05)
- Re: Displaying SSH password attempts Daniel Cid (Jul 05)
- <Possible follow-ups>
- Re: Displaying SSH password attempts Nikola (Jul 05)
- RE: Displaying SSH password attempts Dodge, R. LTC EECS (Jul 05)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 05)
- Re: Displaying SSH password attempts Harry Hoffman (Jul 05)
- Re: Displaying SSH password attempts Tom Doherty (Jul 05)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 05)
- Re: Displaying SSH password attempts ader (Jul 07)
- Re: Displaying SSH password attempts Valdis . Kletnieks (Jul 07)
- Re: Displaying SSH password attempts ader (Jul 11)