Re: Blocking SSH attackers
On Mon, Oct 31, 2005 at 12:08:56PM -0500, Stephen R Laniel wrote:
> As with a lot of other people, I've noticed lots of attacks
> on SSH recently. Just yesterday, my company got 1,611 failed
> ssh logins within an hour.
>
> Two questions, then -- one specific and one general:
>
> 1) What do y'all use to block attackers like this? It seems
> to me that anyone who tries to log in with a nonexistent
> login name should be blocked immediately, for at least an
> hour. Anyone who tries to log in as an account like root,
> and fails more than once, should be similarly blocked. I
> can imagine encoding certain 'block policies', and
> writing something based around hosts.deny that enforces
> it. Is there an accepted "best practice" that works like
> this?
apt-get install fail2ban
--
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> Tim Sailer (at home) >< Coastal Internet, Inc. <<
>> Network and Systems Operations >< PO Box 726 <<
>> http://www.buoy.com >< Moriches, NY 11955 <<
>> tps@unslept.com/tps@buoy.com >< (631)399-2910 (888) 924-3728 <<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<