Full Disclosure mailing list archives

Re: SSH Bruteforce blocking script

From: Gerald Holl <gerald () holl co at>
Date: Sat, 03 Sep 2005 22:00:12 +0200

On 2005-09-02 09:37, Michael L Benjamin wrote:

Here is a simple script I've coded up that I use on 3 of my RedHat
Enterprise Linux 3 (RHEL3) servers. I decided to do this after seeing the
amount of activity from places like China/Korea/Taiwan in relation to
SSH brute force probes. I'll throw it open here for
analysis/suggestions. It
leverages off the TCPWrappers /etc/hosts.deny /etc/hosts.allow
functionality.


Hello,

Nice script!
Although I think it's a good way to list that brute force IPs in
/etc/hosts.deny there is another good script that uses iptables to block
the IPs:
http://fail2ban.sourceforge.net/

It works with apache logfiles too.

cheers,
-- 
Gerald Holl
http://holl.co.at
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- Re: SSH Bruteforce blocking script Alejandro Barrera (Sep 02)
- Re: SSH Bruteforce blocking script Christoph Moench-Tegeder (Sep 02)
- Re: SSH Bruteforce blocking script Gerald Holl (Sep 03)
- <Possible follow-ups>
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
  - Re: SSH Bruteforce blocking script Christoph Moench-Tegeder (Sep 02)
- Re: SSH Bruteforce blocking script Pedro Hugo (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 02)
  - Re: SSH Bruteforce blocking script miah (Sep 02)
- RE: SSH Bruteforce blocking script Michael L Benjamin (Sep 04)
  - Re: SSH Bruteforce blocking script miah (Sep 06)
  - RE: SSH Bruteforce blocking script Ron DuFresne (Sep 06)

(Thread continues...)