Repeated attacks via SSH
Subhi S Hashwa
lists at subhi.com
Sun Oct 2 17:48:01 PDT 2005
Sunday, October 2, 2005, 11:08:45 PM, Don Lewis wrote:
> It's also a good idea to only allow public key authentication from
> remote hosts. This avoids the risks of password guessing and password
> capture by shoulder surfers or key loggers.
I came across this package in ports, which could be useful in this
type of situation
/usr/ports/security/bruteforceblocker
BruteForceBlocker is a script, that works along with pf - OpenBSD's firewall.
When this script is running, it checks sshd's auth log for Failed Password
attempts and counts it's number. When given IP reaches specified number of
fails, script adds this IP to the pf's table and block any other traffic to
the given box. If you are bored of those automated auth tries, you will be
happy with this script.
WWW: http://danger.rulez.sk/projects/bruteforceblocker/
--
Best regards,
Subhi S Hashwa mailto:lists at subhi.com
When everything is heading your way, you're in the wrong lane.
More information about the freebsd-security
mailing list