Comments on Linux Blog: Block ssh brute force attack on OpenSuSe
Blog author: DevOps (http://www.blogger.com/profile/02331067901785181627)
Feed updated: 2024-03-29T00:58:29.857-04:00
Comments: 4

Anonymous, 2010-01-27T20:13:46.206-05:00:

I used to like DenyHosts but found it vulnerable to log injection attacks where an attacker injects strings into your logs, resulting in any IP they select getting blocked.
See: http://www.ossec.net/main/attacking-log-analysis-tools

I now use IPtables to rate limit new SSH connections.
http://www.rackaid.com/resources/how-to-block-ssh-brute-force-attacks/

j (http://tnt.aufbix.org), 2009-06-27T17:14:11.398-04:00:

it can be all of them:

* firewall
  iptables ... --limit 3/minute --limit-burst 1 ...
* inetd hosts.allow/deny
* fail2ban
* sshd_config : PasswordAuthentication = no

MarsianMan (http://marsianman.is-a-geek.com/wp/), 2009-06-26T11:28:26.009-04:00:

I don't know about using OpenSuse, but on Debian I really like DenyHosts. It supports centralized blocklists (optionally, of course) and blocks addresses based on customized combinations of attempts and time. I can set it to block an address if they try more than twice (or 100 times) in 30 minutes (or 3 days). It can also remove addresses from the blocklist after a designated time.

Patrick Regan (https://www.blogger.com/profile/04968067222719864658), 2009-06-26T10:39:20.904-04:00:

I think you mean options 3 & 4 not 2 & 3.

Otherwise good post. Something I like to use is DenyHosts.

http://denyhosts.sourceforge.net/

Works wonders for me.