What is this Very Stupid DOS Attack Script?

Chris rip at overflow.no
Fri Apr 8 12:39:57 PDT 2005


This might not be exactly what you want, but a solution to this might be
timelox by brian.  It has a definable action to take when an IP attempts
X logins in N seconds.
I've modified his timelox code for OpenBSD to suit OpenSSH portable
3.9p1/4.0p1 (Linux/FreeBSD).
I will try to keep this up to date with the openssh-portable tree.

You can find it at http://www.overflow.no/?p=hacking

The next version will have an sshd_config setting for a script to run on
this event, to improve portability, basically.

This probably isn't the best solution, but it works pretty well.

If blocking out all of the world is a concern, just add a cronjob for
root to clear the rules once a week or something like that. :)

On Fri, 2005-04-08 at 12:07 -0700, Michael Carlson wrote:
> I would be very interested in a script/setup like this, so I second the 
> suggestion of posting it somewhere.
> 
> On a minor off topic question, has anyone gotten the linux-pam/pam_tally to 
> work in 5.x?
> 
> Due to security requirements at work I need either that or something similar.
> 
> At 05:28 PM 4/7/2005, Jon Adams wrote:
> 
> 
> >Marian Hettwer wrote:
> >
> >>On Wed, 6.04.2005, 17:57, Willem Jan Withagen said:
> >>
> >>
> >>>I've built some swatch rules so that after two of these hits, I dump
> >>>the host into ipfw-deny space.
> >>>
> >>>
> >>Aye. I thought about writing a script doing the same as yours, too.
> >>Could you post this script somewhere, so that I could add some
> >>functionality or just use it?
> >>
> >>
> >This is similar to what I do... except
> >
> >I just run a cronjob every so often... daily.. weekly.. what have you..
> >that will restart ipfw...  probably there is a cleaner solution, but it
> >does the job for me.... as far as cleaning out the dozens of IPs that get
> >blocked for connecting to ports they shouldn't on my boxes
> >
> >_______________________________________________
> >freebsd-security at freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-security
> >To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
> 
> 
> 
Chris
-- 
Computer games don't affect kids; I mean if Pac-Man affected us as kids,
we'd all be running around in darkened rooms, swallowing magic pills and
listening to repetitive electronic music.
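
The "X logins in N seconds" rule and the periodic clearing of blocks discussed in this thread, as an added example (not part of the original post, and not the timelox patch or the swatch rules mentioned above). The log line format, the thresholds, the assumed year and the names `parse_failure`, `offenders` and `expired` are assumptions for illustration; the blocking action itself (an ipfw rule, for instance) is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of sshd syslog output (not real logs).
SAMPLE_LOG = """\
Apr  8 12:00:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4101 ssh2
Apr  8 12:00:03 host sshd[102]: Failed password for invalid user x from 203.0.113.5 port 22 ssh2 from 192.0.2.10 port 4102 ssh2
Apr  8 12:00:04 host sshd[103]: Accepted password for chris from 198.51.100.7 port 5000 ssh2
Apr  8 12:00:05 host sshd[104]: Failed password for root from 192.0.2.10 port 4103 ssh2
Apr  8 12:00:06 host sshd[105]: Failed password for chris from 198.51.100.7 port 5001 ssh2
Apr  8 12:05:00 host sshd[106]: Failed password for chris from 198.51.100.7 port 5002 ssh2
Apr  8 12:10:00 host sshd[107]: Failed password for chris from 198.51.100.7 port 5003 ssh2
"""

# The user name is remote-supplied text, so take the address at the very end
# of the line (greedy .* plus $) rather than the first "from <ip>" seen.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def parse_failure(line, year=2005):
    """Return (timestamp, source_ip) for a failed-login line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; 2005 is assumed for the sample.
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def offenders(log_text, max_attempts=3, window_s=60):
    """Map each IP with >= max_attempts failures within window_s seconds
    to the time of the attempt that crossed the threshold."""
    recent, flagged = defaultdict(deque), {}
    for line in log_text.splitlines():
        hit = parse_failure(line)
        if hit is None:
            continue
        when, ip = hit
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_s:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) >= max_attempts:
            flagged.setdefault(ip, when)
    return flagged

def expired(flagged, now, ttl=timedelta(days=7)):
    """IPs whose block is at least ttl old and can be removed again."""
    return sorted(ip for ip, since in flagged.items() if now - since >= ttl)
```

Expiring each block after a fixed age, as `expired` does, removes only the entries that are old enough, where a scheduled job that flushes or restarts the firewall also drops blocks added minutes earlier.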