Full Disclosure mailing list archives

Re: SSH brute force blocking tool

From: Anders B Jansson <hdw () kallisti se>
Date: Tue, 28 Nov 2006 18:31:52 +0100

Just one possibly silly question.

Why are you working so hard to do this with complex scripts and stuff?

I just wrote a little C snippet that runs on the firewall.
All servers allowing external ssh send a copy of ssh auth to a port
on the firewall.

If it detects a brute force it adds the host to the block list and
everything from that host is silently dropped.

Added a whitelist function to avoid DOS attempts.

Works perfect, and adds community service by letting the trawlers
hang until they timeout.
-- 
// hdw

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: SSH brute force blocking tool, (continued)
- - - Re: SSH brute force blocking tool J. Oquendo (Nov 28)
    - Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
    - Re: SSH brute force blocking tool J. Oquendo (Nov 28)
    - Re: SSH brute force blocking tool Thierry Zoller (Nov 28)
    - Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
    - Re: SSH brute force blocking tool Brian Eaton (Nov 28)
    - Re: SSH brute force blocking tool Brian Eaton (Nov 28)
    - Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
    - Re: SSH brute force blocking tool J. Oquendo (Nov 28)
    - Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
    - Re: SSH brute force blocking tool Anders B Jansson (Nov 28)
    - Re: SSH brute force blocking tool J. Oquendo (Nov 28)
    - Re: SSH brute force blocking tool Thierry Zoller (Nov 28)
    - Re: SSH brute force blocking tool Tonnerre Lombard (Nov 30)
- Re: SSH brute force blocking tool daylasoul (Nov 28)