Full Disclosure mailing list archives
Re: SSH brute force blocking tool
From: Anders B Jansson <hdw () kallisti se>
Date: Tue, 28 Nov 2006 18:31:52 +0100
Just one possibly silly question. Why are you working so hard to do this with complex scripts and stuff? I just wrote a little C snippet that runs on the firewall. All servers allowing external ssh send a copy of ssh auth to a port on the firewall. If it detects a brute force it adds the host to the block list and everything from that host is silently dropped. Added a whitelist function to avoid DOS attempts. Works perfect, and adds community service by letting the trawlers hang until they timeout. -- // hdw _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: SSH brute force blocking tool, (continued)
- Re: SSH brute force blocking tool J. Oquendo (Nov 28)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
- Re: SSH brute force blocking tool J. Oquendo (Nov 28)
- Re: SSH brute force blocking tool Thierry Zoller (Nov 28)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
- Re: SSH brute force blocking tool Brian Eaton (Nov 28)
- Re: SSH brute force blocking tool Brian Eaton (Nov 28)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
- Re: SSH brute force blocking tool J. Oquendo (Nov 28)
- Re: SSH brute force blocking tool Tavis Ormandy (Nov 28)
- Re: SSH brute force blocking tool Anders B Jansson (Nov 28)
- Re: SSH brute force blocking tool J. Oquendo (Nov 28)
- Re: SSH brute force blocking tool Thierry Zoller (Nov 28)
- Re: SSH brute force blocking tool Tonnerre Lombard (Nov 30)