AW: blocking an ip after n failed login attempts

To: "Radu Florian" <rflorian@cs.jhu.edu>, "David N Moore" <dnmoore@gilling.net>
Cc: <debian-security@lists.debian.org>
Subject: AW: blocking an ip after n failed login attempts
From: "Michael Boehme" <mboehme@webdiscount.net>
Date: Wed, 15 Aug 2001 23:17:29 +0200
Message-id: <[🔎] NFBBJOPBDHBIBGENEGBOGEHNCHAA.mboehme@webdiscount.net>
In-reply-to: <[🔎] 3B7AE69D.2010203@cs.jhu.edu>

Hmm...

If it´s that what you were looking for, try

route add -host <ip> gw 127.0.0.1

That´ll blackhole it and you won´t have to modify the file for that.

Michael

-----Ursprüngliche Nachricht-----
Von: Radu Florian [mailto:rflorian@cs.jhu.edu]
Gesendet: Mittwoch, 15. August 2001 23:16
An: David N Moore
Cc: debian-security@lists.debian.org
Betreff: Re: blocking an ip after n failed login attempts


David N Moore wrote:

> Hi,
> 	I have been poking around with google looking for some ideas
> for a solution to this problem.  Can you think of an easy way to block
> all connections from a certain ip if it tries log in say 5 times and
> fails?  The idea being that it would stop someone from using a
> dictionary-based attack if they had a user-name.
>
> Any input would be appreciated.
>
> -dave
>
>
>

   I would just add the IP address in the /etc/hosts.deny file;
something like:

portmap: <ip-address>

   would do the trick.

   Hans


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

References:
- Re: blocking an ip after n failed login attempts
  - From: Radu Florian <rflorian@cs.jhu.edu>

Prev by Date: Re: blocking an ip after n failed login attempts
Next by Date: Re: The unwanted fish...
Previous by thread: Re: blocking an ip after n failed login attempts
Next by thread: Re: blocking an ip after n failed login attempts
Index(es):
- Date
- Thread