Re: blocking an ip after n failed login attempts
On Wed, 15 Aug 2001, David N Moore wrote:
> Hi,
> I have been poking around with google looking for some ideas
> for a solution to this problem. Can you think of an easy way to block
> all connections from a certain ip if it tries log in say 5 times and
> fails? The idea being that it would stop someone from using a
> dictionary-based attack if they had a user-name.
>
> Any input would be appreciated.
You could use swatch. This program searches files for a given pattern and
then reacts by executing a command, or just writes a warning to the console.
You must write a short program that creates IP-named files in a special
directory where it stores the number of failed connections; if the number
written to the file is bigger than or equal to max_failed_connect, it would
execute iptables -t filter -I INPUT -s $IP -j DROP. If it is smaller than
max_failed_connect, it would only increase it.
--
Robert Magier
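As an added example (not part of Robert's reply, and not code from swatch), here is a POSIX shell script implementing the counter-and-block step he describes: swatch, or any other log watcher, calls it with the offending address; it keeps one counter file per IP under a directory, and once the count reaches the threshold it inserts the DROP rule. The directory, threshold and iptables path come from environment variables; the names COUNT_DIR, MAX_FAILED_CONNECT, IPTABLES, valid_ipv4, failed_count and record_failure are this example's own choices. Because the address is cut out of a log line the remote side partly controls, the script refuses anything that is not a dotted quad before it touches the filesystem or iptables.

```shell
#!/bin/sh
# Added example (not from the original post): per-IP failed-login counter
# that a log watcher such as swatch calls with the offending address.
# Assumed layout: one counter file per address under $COUNT_DIR, a block
# once the count reaches $MAX_FAILED_CONNECT, and the block command
# "$IPTABLES -t filter -I INPUT -s <ip> -j DROP". All names are this
# example's own choices.

COUNT_DIR="${COUNT_DIR:-/var/lib/failcount}"
MAX_FAILED_CONNECT="${MAX_FAILED_CONNECT:-5}"
IPTABLES="${IPTABLES:-iptables}"

# valid_ipv4 ADDR: succeed only for a dotted quad with four octets 0-255.
# The address comes from a log line the remote side partly controls, so it
# is checked before it becomes a file name or an iptables argument.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;   # empty, or anything but digits and dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                        # split on dots; no glob chars can be present
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# failed_count ADDR: print the current counter for ADDR (0 if none yet).
failed_count() {
    if [ -f "$COUNT_DIR/$1" ]; then
        cat "$COUNT_DIR/$1"
    else
        echo 0
    fi
}

# record_failure ADDR: add one failure for ADDR.
# Returns 0 when the address is at or past the threshold (and is blocked),
# 1 while it is still below it, 2 for a malformed address.
record_failure() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "record_failure: refusing malformed address '$ip'" >&2
        return 2
    fi
    mkdir -p "$COUNT_DIR"
    counter="$COUNT_DIR/$ip"
    marker="$COUNT_DIR/$ip.blocked"   # exists once a DROP rule was inserted

    n=$(failed_count "$ip")
    case "$n" in
        ""|*[!0-9]*) n=0 ;;           # tolerate a damaged counter file
    esac
    n=$((n + 1))
    echo "$n" > "$counter"

    if [ "$n" -lt "$MAX_FAILED_CONNECT" ]; then
        return 1
    fi
    # Threshold reached: insert the rule once, even if failures from
    # sessions that were already open keep being logged afterwards.
    if [ ! -f "$marker" ]; then
        "$IPTABLES" -t filter -I INPUT -s "$ip" -j DROP && : > "$marker"
    fi
    return 0
}

# When run as a script: failcount.sh <ip>
if [ $# -eq 1 ]; then
    record_failure "$1"
fi
```

To hook it up, swatch's exec action passes fields of the matched line to the command (for example exec "/usr/local/sbin/failcount.sh $N", with N the field holding the client address); which field that is depends on the login daemon's log format, so check it against real log lines first. Two things the script deliberately does not do: it never resets a counter, so a legitimate user who mistypes a few times over weeks still accumulates failures (a cron job that removes counter files older than some age fixes that), and it takes no lock, so two watchers firing on the same address at the same moment can lose an increment, which at worst delays the block by one attempt.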