Re: Package to block random SSH login attempts?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adam Rosi-Kessel wrote:
| Is there any Debian package (or free software outside of Debian) that can
| detect random ssh login attempts and blacklist (temporarily or
| permanently) the IP address?
|
| portsentry is similar but not quite on point. As I understand it,
| portsentry will block port scanners, but not people attempting random
| logins.
|
| What I'd like to do is block a particular IP address if there are more
| than, say, 5 attempted logins from nonexistent usernames, and more than
| 10 failed logins from existent usernames.
How about going about it another way. Use knockd to keep everyone out,
unless they use the right knock sequence first. That way, the port would
not even seem to be open.
Paul
- --
/********************** Running Debian Linux ************************
* For God so loved the world that He gave his only begotten Son, *
* that whoever believes in Him should not perish... John 3:16 *
********** W. Paul Mills ********** http://Mills-USA.com/ **********/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBssaJu4tRirKTPYwRAmSPAJ9YzIAkjx452+CetE1wDmrzrQRGfQCZAVnD
qo+o8WXOZWTAvASOAfMhxok=
=jH5m
-----END PGP SIGNATURE-----
Reply to: