
Re: PAM tarpit module for repeated SSH login attempts

Thus spoke Kevin B. McCarty <kmccarty@Princeton.EDU> [2004.10.19.2052 +0200]:
> Having tired of seeing attempts to log in as root via SSH in my logs, I
> wrote a quick-and-dirty hack to the pam_tally module in order to
> implement a tarpit.

Nice, though it does not look like a tarpit... instead, it just
doesn't respond to requests. A tarpit would start the connection
and hold it instead. Maybe I misunderstand the code, I am not really
a PAM hacker.

It would be nice to have it actually tarpit multiple attempts from
the same IP. Once you have implemented this, I would be happy to
package this for Debian, since it's a really nice tool!

May I suggest something? Instead of tallying attempts for a single
account, why not tally attempts *from* a single IP?

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
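
The per-account versus per-IP tally suggested in the message above, as an added example that is not part of the original message or of the module it discusses. It runs both tallies over constructed sshd log lines to show one source spreading its attempts across several usernames staying under a per-account threshold while crossing the same threshold per IP; the function names, the threshold of 3 and the log lines are assumptions.

```python
import re
from collections import Counter

# Constructed sshd log lines (documentation-range addresses), not from the thread.
SAMPLE_LOG = """\
Oct 19 20:01:02 host sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Oct 19 20:01:05 host sshd[1002]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Oct 19 20:01:09 host sshd[1003]: Failed password for illegal user test from 192.0.2.10 port 40003 ssh2
Oct 19 20:01:13 host sshd[1004]: Failed password for invalid user guest from 192.0.2.10 port 40004 ssh2
Oct 19 20:02:00 host sshd[1005]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct 19 20:02:30 host sshd[1006]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Oct 19 20:03:00 host sshd[1007]: Failed password for root from 203.0.113.5 port 60000 ssh2
"""

# Matches failed password attempts, with or without the unknown-user prefix.
FAILED = re.compile(
    r"Failed password for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def tally(log_text):
    """Return (per_account, per_ip) Counters of failed password attempts."""
    per_account, per_ip = Counter(), Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            per_account[match.group("user")] += 1
            per_ip[match.group("ip")] += 1
    return per_account, per_ip


def over_threshold(counter, threshold):
    """Return the sorted keys whose failure count reaches the threshold."""
    return sorted(key for key, count in counter.items() if count >= threshold)


if __name__ == "__main__":
    accounts, ips = tally(SAMPLE_LOG)
    print("failures per account:", dict(accounts))
    print("failures per IP:     ", dict(ips))
    # Hypothetical threshold of 3 failures before any action is taken.
    print("accounts over threshold:", over_threshold(accounts, 3))
    print("IPs over threshold:     ", over_threshold(ips, 3))
```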
