
[Freedombox-discuss] Block brute force login attacks?



On 18 Mar 2014 13:46, "Petter Reinholdtsen" <pere at hungry.com> wrote:
>
> Hi.

Hello

> On all my machines, I install denyhosts with a two hour timeout
> (DAEMON_PURGE = 2h), to block those trying to brute force a ssh login.
> Should we do something similar on the Freedombox?

This can be done directly by iptables (but not yet with iptables6 for
ip6tables).

So I would suggest using a firewall utility instead, like ufw or shorewall.

...

> The default for denyhosts is to block forever, while my experience is
> that this can cause denial of service if I type the wrong ssh key
> password three times or cancel a commit over ssh, so in my view it is
> too aggressive, and a sensible timeout is needed.  Most attackers give
> up after a few minutes after they are blocked. I do not know the two pam
> modules, so I do not know if they have a timeout by default.

Yes, I think that is a bit too aggressive to block for more than a couple
of hours. Half an hour to a couple of hours after three failed accesses would
be better, as you suggest. This can be set up in iptables. See ufw
directive "limit".

> --
> Happy hacking
> Petter Reinholdtsen
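
The trade-off discussed in this thread (block after three failed logins, but purge the block after a timeout instead of keeping it forever) can be modelled over log lines. This is an added example, not code from the thread, denyhosts, or ufw; the log lines, the simplified timestamp format, and the function names `blocks` and `is_blocked` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd-style log lines (simplified ISO timestamps, documentation IPs).
SAMPLE_LOG = """\
2014-03-18T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 4101 ssh2
2014-03-18T10:00:04 sshd[811]: Failed password for root from 203.0.113.7 port 4102 ssh2
2014-03-18T10:00:09 sshd[811]: Failed password for admin from 203.0.113.7 port 4103 ssh2
2014-03-18T10:05:00 sshd[902]: Failed password for pere from 198.51.100.20 port 5500 ssh2
2014-03-18T10:05:30 sshd[902]: Accepted publickey for pere from 198.51.100.20 port 5501 ssh2
"""

LINE = re.compile(
    r"^(\S+) sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?\S+ from (\S+) "
)

def blocks(log, threshold=3, purge=timedelta(hours=2)):
    """Return {ip: (blocked_at, expires_at)}. purge=None models 'block forever'."""
    failures, blocked = {}, {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.fromisoformat(m.group(1))
        outcome, ip = m.group(2), m.group(3)
        # Purge an expired block so the address gets a fresh start.
        if ip in blocked and blocked[ip][1] is not None and when >= blocked[ip][1]:
            del blocked[ip]
            failures.pop(ip, None)
        if ip in blocked:
            continue  # traffic from a blocked address would never reach sshd
        if outcome == "Accepted":
            failures.pop(ip, None)  # a successful login resets the counter
            continue
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= threshold:
            blocked[ip] = (when, when + purge if purge else None)
    return blocked

def is_blocked(blocked, ip, at):
    """True if ip is still blocked at time 'at' (expiry None = never expires)."""
    entry = blocked.get(ip)
    return entry is not None and (entry[1] is None or at < entry[1])

if __name__ == "__main__":
    for ip, (start, end) in blocks(SAMPLE_LOG).items():
        print(ip, "blocked", start, "until", end)
```

With `purge=None` the same address stays blocked indefinitely, which is the lock-out risk for a legitimate user who mistypes a passphrase three times.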