
Re: blocking an ip after n failed login attempts



On Wed, 15 Aug 2001, David N Moore wrote:

> Hi,
> 	I have been poking around with Google looking for some ideas
> for a solution to this problem.  Can you think of an easy way to block
> all connections from a certain IP if it tries to log in, say, 5 times and
> fails?  The idea being that it would stop someone from using a
> dictionary-based attack if they had a user name.
>
> Any input would be appreciated.

You could use swatch. This program searches files for a given pattern and
then reacts by executing a command, or just by writing a warning to the console.
You must write a short program that creates IP-named files in a special
directory where it stores the number of failed connections; if the number
written to the file is greater than or equal to max_failed_connect it would
execute iptables -t filter -I input -s $IP -j DROP. If it is smaller than
max_failed_connect it would only increase it.

--
Robert Magier
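The counter-file-and-iptables scheme sketched above, written out as a complete script. This is an added example, not code from the original thread. It assumes swatch invokes it with the captured address as its only argument (the exact watchfor/exec line depends on the swatch version and on sshd's log format, so it is not shown), a counter directory of /var/lib/failcount, a threshold of 5, and an IPTABLES variable so the firewall call can be swapped for a stub when testing as a non-root user. iptables chain names are case-sensitive, so the rule goes into INPUT.

```shell
#!/bin/sh
# failcount.sh - added example, not from the original thread.
# Per-IP failed-login counter meant to be run by swatch on every matching
# log line, with the offending address as $1.  Assumed settings (override
# through the environment):
#   COUNT_DIR   one counter file per address lives here
#   MAX_FAILED  failures at or above this number get the address dropped
#   IPTABLES    the firewall command; point it at a stub for testing
COUNT_DIR=${COUNT_DIR:-/var/lib/failcount}
MAX_FAILED=${MAX_FAILED:-5}
IPTABLES=${IPTABLES:-iptables}

# Accept only a dotted-quad IPv4 address.  Whatever the log regex captured
# ends up on an iptables command line, so it must not carry extra arguments.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Record one failure for the address in $1.  Return codes:
#   0  address is now (or already was) blocked
#   1  failure counted, still below MAX_FAILED
#   2  argument is not a plain IPv4 address
#   3  the firewall command failed (not root, iptables missing, ...)
record_failure() {
    ip=$1
    valid_ip "$ip" || return 2
    mkdir -p "$COUNT_DIR"
    f="$COUNT_DIR/$ip"

    # Already dropped: do not stack a duplicate rule in INPUT.
    [ -f "$f.blocked" ] && return 0

    n=0
    [ -f "$f" ] && n=$(cat "$f")
    n=$((n + 1))
    echo "$n" > "$f"

    [ "$n" -ge "$MAX_FAILED" ] || return 1

    # Insert at the head of INPUT so it takes precedence over any earlier
    # ACCEPT rule.  Only mark the address blocked if the rule really went in.
    if "$IPTABLES" -t filter -I INPUT -s "$ip" -j DROP; then
        : > "$f.blocked"
        return 0
    fi
    return 3
}

# When run directly, swatch passes the captured address as $1.
if [ $# -gt 0 ]; then
    record_failure "$1"
fi
```

Two things to add before relying on this: age out the counter and `.blocked` files (an address behind a shared NAT, or one that later changes hands, would otherwise stay penalised forever), and decide what happens at reboot, since an `-I` rule is not persistent while the marker file is. Concurrent swatch invocations can also race on the counter file; a `mkdir`-based lock around the read-increment-write fixes that.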
