Linked by Thom Holwerda on Sun 19th Feb 2006 11:24 UTC, submitted by Falko Timme
Privacy, Security, Encryption

"In this HowTo I will show how to install and configure DenyHosts. DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon. In this tutorial I will run DenyHosts as a daemon."
PF! PF!
by Bink on Sun 19th Feb 2006 18:21 UTC

FWIW, I’ve been using OpenBSD’s Packet Filter (PF) to address this for quite a while now:

pass in log quick on $ext_if inet proto tcp from ! $int_if:network to \
    ( $ext_if ) port ssh flags S/SA keep state \
    ( max-src-conn 5, max-src-conn-rate 3/30 ) queue ( default, interac )

Basically, if more than three connections are made to ssh in 30 seconds, subsequent connections from the offending IP within this time frame are blocked.

And while I don’t use Linux, the following rule actually blocks most of these “attacks”:

block in log quick on $ext_if inet proto tcp from any os Linux to \
    ( $ext_if ) port ssh

Reply Score: 5
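
An added sketch, not part of the original comment and not code from DenyHosts or PF: the log-watching approach from the linked HowTo, using the comment's three-in-30-seconds figure as the threshold and emitting /etc/hosts.deny entries. The log lines are constructed, and the function names, the `allow` parameter and the regex are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (documentation-range addresses).
SAMPLE_LOG = """\
Feb 19 18:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Feb 19 18:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Feb 19 18:00:05 host sshd[1003]: Accepted publickey for alice from 198.51.100.4 port 50000 ssh2
Feb 19 18:00:09 host sshd[1004]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Feb 19 18:00:12 host sshd[1005]: Failed password for root from 203.0.113.7 port 40004 ssh2
Feb 19 18:00:20 host sshd[1006]: Failed password for bob from 192.0.2.9 port 41000 ssh2
Feb 19 18:05:00 host sshd[1007]: Failed password for bob from 192.0.2.9 port 41001 ssh2
"""

# The user name is chosen by the client, so it can contain "from <ip>".
# Anchoring at end of line takes the address sshd itself appended.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def parse(line):
    """Return (timestamp, source_ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%b %d %H:%M:%S"), m.group(2)

def offenders(log_text, limit=3, window=30, allow=()):
    """Source IPs with more than `limit` failures within `window` seconds."""
    recent, flagged = defaultdict(deque), []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None or event[1] in allow or event[1] in flagged:
            continue
        ts, ip = event
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:  # drop events outside window
            q.popleft()
        if len(q) > limit:
            flagged.append(ip)
    return flagged

def hosts_deny_lines(ips):
    # TCP wrappers syntax: "<daemon>: <client>"
    return ["sshd: " + ip for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

The `allow` tuple is there so that a management address can never be written to hosts.deny, whatever the log says.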