Re: SSH Cracking Attempts

To: debian-user@lists.debian.org
Subject: Re: SSH Cracking Attempts
From: Nicolas <ripley@8d.com>
Date: Wed, 29 Sep 2004 16:10:58 -0400
Message-id: <[🔎] 200409291610.58613.ripley@8d.com>
In-reply-to: <[🔎] 20040929140958.4ebc7c97@jacob.6texans.net>
References: <[🔎] 20040929140958.4ebc7c97@jacob.6texans.net>

> So, my question is this. Is there a way to tell ssh to refuse
> connections from an ip address after a certain number of failed login
> attempts, or is snort the only way to do something like this? So far
> I've been taking the manual approach, blocking the ip address with
> my firewall after I see it hitting the logs, but that can give them
> about an hour to play before I notice it (e-mailed to me by logcheck).
>
> Any suggestions?

If you dont have to much user who log in your server, you can allow only them 
from specific IP to log in.  Or you can disable the password facility and 
only use keys (we do it this way at the job, It's also what I do at home).

 Nic Cola

P.S.
 Just for the fun of it, you can also tarpit the IP of the script kiddy ;o)

-- 
()  ascii ribbon campaign - against html e-mail 
/\                        - against microsoft attachments

Reply to:

Follow-Ups:
- Re: SSH Cracking Attempts
  - From: Jacob S <stormspotter@6Texans.net>
- Re: SSH Cracking Attempts
  - From: Glyn Tebbutt <plastic_d3c3it@yahoo.co.uk>
- Re: SSH Cracking Attempts
  - From: "Jamin W. Collins" <jcollins@asgardsrealm.net>

References:
- SSH Cracking Attempts
  - From: Jacob S <stormspotter@6Texans.net>

Prev by Date: Re: The singer Teresa Teng information (¾HÄR§g)
Next by Date: Re: SSH Cracking Attempts
Previous by thread: SSH Cracking Attempts
Next by thread: Re: SSH Cracking Attempts
Index(es):
- Date
- Thread