Full Disclosure mailing list archives

Re: targeted SSH bruteforce attacks


From: Gary Baribault <gary () baribault net>
Date: Fri, 18 Jun 2010 13:46:19 -0400

I don't see what I'm going to gain .. hosts.deny blocks just fine
without risking my firewall.

Gary Baribault
Courriel: gary () baribault net
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1


On 06/18/2010 01:38 PM, Ashish SHUKLA wrote:
Gary Baribault writes:

[...]

    Both of these systems are within one /21 and get attacked
regularly. I run Denyhosts on them, and update the central server once
an hour with attacking IPs, and obviously also download the public
hosts.deny list.

How about combining denyhosts with netfilter through its plugin
mechanism? In addition to adding an entry to the hosts.deny file, you
can also play with netfilter and the 'recent' extension.

Ashish

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
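
The combination suggested in the quoted message, a DenyHosts plugin feeding netfilter's 'recent' match, as an added example that is not part of the thread or of DenyHosts itself. The list name `denyhosts`, the 86400-second window and the never-block addresses are assumptions; the hook only writes to an xt_recent list, so the ruleset itself is never modified at run time.

```shell
#!/bin/sh
# Added example: hook for the DenyHosts PLUGIN_DENY setting, which runs the
# configured program with the blocked host as its only argument.
# One static rule, loaded once, consults the list this hook maintains:
#   iptables -I INPUT -p tcp --dport 22 -m recent --name denyhosts \
#            --rcheck --seconds 86400 -j DROP
# Assumptions: list name "denyhosts", 86400 s window, sample addresses.
RECENT_LIST="${RECENT_LIST:-/proc/net/xt_recent/denyhosts}"
NEVER_BLOCK="${NEVER_BLOCK:-127.0.0.1 192.0.2.10}"   # constructed allowlist

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # anything but digits and dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_protected ADDR: succeed if ADDR is on the never-block list.
is_protected() {
    for keep in $NEVER_BLOCK; do
        [ "$1" = "$keep" ] && return 0
    done
    return 1
}

# deny_host ADDR: 0 = added, 1 = rejected input, 2 = protected address.
deny_host() {
    is_ipv4 "$1" || { echo "refusing non-IPv4 argument" >&2; return 1; }
    if is_protected "$1"; then echo "refusing protected $1" >&2; return 2; fi
    printf '%s\n' "+$1" > "$RECENT_LIST"     # "+addr" adds to the list
}

# purge_host ADDR: counterpart for PLUGIN_PURGE; "-addr" removes the entry.
purge_host() {
    is_ipv4 "$1" || return 1
    printf '%s\n' "-$1" > "$RECENT_LIST"
}

# DenyHosts invokes the hook as: <script> HOST
if [ "$#" -eq 1 ]; then deny_host "$1"; fi
```

An xt_recent list holds 100 addresses by default (the `ip_list_tot` module parameter), so a large shared deny list needs that limit raised when the module is loaded.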
