Full Disclosure mailing list archives
Re: reduction of brute force login attempts via SSHthrough iptables --hashlimit
From: Benjamin Bennett <ben () psc edu>
Date: Thu, 02 Mar 2006 11:36:14 -0500
On Thu, 2006-03-02 at 17:23 +0100, GroundZero Security wrote:
> Well, I don't want to destroy your happy time where you can feel superior, but if you would read the manpage of lastb you would notice that this approach won't work at all. lastb just shows successful logins! Not all the attempted logins... we discussed that before though, so better pay attention next time. Another thing is that on many systems btmp is not present and thus lastb wouldn't work even if it would show failed logins.
>
> NAME
>        last, lastb - show listing of last logged in users
>
> SYNOPSIS
>        last [-R] [-num] [ -n num ] [-adiox] [ -f file ] [name...] [tty...]
>        lastb [-R] [-num] [ -n num ] [ -f file ] [-adiox] [name...] [tty...]
>
> DESCRIPTION
>        Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created.
>        ....

...and a little farther down...

"Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts."

> As you can see, it only logs "logged in" users, not all those that tried. So your script is useless.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/