Re: PAM tarpit module for repeated SSH login attempts
On Wed, 20 Oct 2004, Michael Stone wrote:
Well, it is assumed that running a pam module will have some side effect
aside from returning PAM_SUCCESS or PAM_ERR. The fin/rst stuff isn't
possible, but just holding the connection open can easily be achieved by
running sleep(3) in the pam module.
What about using the tarpit netfilter module (which is in the
patch-o-matic of netfilter) to do the dirty work and have the pam module
simply insert/remove firewalling rules? It sounds more like the *nix way
of doing things, with simple, specialised tools for specific purposes...
Giacomo Mulas <email@example.com>
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
"When the storms are raging around you, stay right where you are"
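
The split suggested above (the PAM side only decides and edits firewall rules, the netfilter TARPIT target does the holding) could look like the following sketch. It is an added example, not code from this thread. It assumes a kernel with the TARPIT target installed and a hook that runs only on failed attempts with the peer address in `PAM_RHOST` (as pam_exec exports it); `STATE_DIR`, `THRESHOLD`, `DRY_RUN` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count failed attempts per source and emit a TARPIT rule.
# Assumed/hypothetical: STATE_DIR path, THRESHOLD, DRY_RUN, function names.
STATE_DIR="${STATE_DIR:-/var/run/ssh-tarpit}"
THRESHOLD="${THRESHOLD:-3}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the rule instead of applying it

# Accept only a dotted-quad literal: the remote host string PAM hands over can
# be a hostname, and it must never reach the firewall command unchecked.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = -I (insert) or -D (delete), $2 = address that passed valid_ipv4.
tarpit_rule() {
    set -- iptables "$1" INPUT -p tcp -s "$2" --dport 22 -j TARPIT
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Record one failed login; insert the rule exactly once, at the threshold.
record_failure() {
    rhost=$1
    valid_ipv4 "$rhost" || { echo "ignored: not an IPv4 literal" >&2; return 2; }
    mkdir -p "$STATE_DIR" || return 1
    counter="$STATE_DIR/$rhost"
    count=0
    if [ -f "$counter" ]; then read -r count < "$counter" || count=0; fi
    case "$count" in ''|*[!0-9]*) count=0 ;; esac
    count=$((count + 1))
    echo "$count" > "$counter"
    [ "$count" -eq "$THRESHOLD" ] || return 0
    tarpit_rule -I "$rhost"
}

# Forget a host (e.g. from an expiry job) and remove its rule.
release_host() {
    valid_ipv4 "$1" || return 2
    rm -f "$STATE_DIR/$1"
    tarpit_rule -D "$1"
}

# Entry point when run from the (assumed) failure-only PAM hook.
if [ -n "${PAM_RHOST:-}" ]; then record_failure "$PAM_RHOST"; fi
```

With `DRY_RUN=1` the script only prints the `iptables` command, so the counting and validation can be checked without root or the TARPIT target.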