Re: Temporarily Disable IP

[Boris Pavlov <edi@elib.minfin.bg>]

hi there;

also, changing the default port for the ssh greatly (100%) alleviates 
such bruteforcing and most important, the side effects. i've seen 
smaller machines (2xPII500) to go "high" loadavg only from this... 
errr.. usage. which is a problem in most cases - the tools used to brute 
force seems to be quite dumb and are eating up bandwith and cpu. 
changing the port is good "first aid".

wwell edi

Markus Beck wrote:

> On Thu, 06 Oct 2005 04:05:04 +0530
> Ritesh Raj Sarraf <riteshsarraf@users.sourceforge.net> wrote:
>
>  
>
> > I need to allow my clients to have ssh access. I'm not sure if they
> > are going to use strong passwords. No enforcement.
> >
> > The attacks are being made using a dictionary, I guess.
> > For user foo they are trying 100's of combinations.
> >
> > I was looking for something like,
> > if 5 unsuccessful ssh logins from IP x
> >        Temporarily Deny IP x
> >    
>
> Hello,
>
> I think playing with LoginGraceTime is a better solution for this
> problem preventing e.g. the risk of a denial of service with spoofed
> addresses. Besides, encouraging users to use strong passwords is a must
> (I know a guy who is quite good in guessing passwords - once he guessed
> a password of a user in the 1st try by hand (not using a dictionary and
> the password wasn't the users name)). 
> Additionally, most dictionary attacks on ssh focus on
> ssh-implementations not for Linux that come up with some
> default-accounts.
>
> Sincerely,
> Markus Beck
>
>
>