Brian Vagnoni on 9 Dec 2008 20:39:00 -0800


Re: [PLUG] Brute force SSH attack confounds defenders


----- Original Message -----
From: Alex Valentine
> Problem solved.
> 
> http://denyhosts.sourceforge.net/
----- Original Message -----

From the 2nd link.

They are talking bot***NET*** level attacks. But still thanks. 

Tools like DenyHosts, BruteForceBlocker or fail2ban for preventing attacks on SSH servers usually count the number of failed log-in attempts from one IP address and enter addresses that exceed a given threshold on a blacklist (usually /etc/hosts.deny) or as a rule in the firewall. The system subsequently blocks any further log-in attempts from blacklisted remote IP addresses.

The distributed method prevents the tools from flagging attackers after only a few log-in attempts. Depending on the scale of the distributed attack, several thousand attempts to log into an account can be made. The attacks are suspected to be carried out by botnets.


--------------------------------------------------
Brian Vagnoni
PGP Digital Fingerprint
F076 6EEE 06E5 BEEF EBBD  BD36 F29E 850D FC32 3955
--------------------------------------------------
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
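
The detection gap described in the quoted article, as an added example that is not part of the original message or of DenyHosts, BruteForceBlocker or fail2ban: a per-source counter over sshd "Failed password" lines next to a per-account count of distinct sources. The log lines are constructed (documentation address ranges) and the thresholds and function names are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: six sources fail twice each against root, one noisy
# host fails five times, and one successful login is mixed in.
BOT_IPS = ["192.0.2.10", "198.51.100.7", "203.0.113.5",
           "192.0.2.44", "198.51.100.23", "203.0.113.99"]
LINE = "Dec  9 20:{:02d}:00 host sshd[{}]: Failed password for {} from {} port 40000 ssh2"
SAMPLE_LOG = "\n".join(
    [LINE.format(i, 1000 + i, "root", ip) for i, ip in enumerate(BOT_IPS * 2)]
    + [LINE.format(30 + i, 2000 + i, "invalid user test", "203.0.113.200") for i in range(5)]
    + ["Dec  9 20:40:00 host sshd[3000]: Accepted password for alice from 192.0.2.77 port 40000 ssh2"]
)

# Greedy user match anchored at end of line, so a username that itself
# contains " from <addr>" cannot spoof the source address being counted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def parse_failures(log_text):
    """Return a (user, source_ip) tuple for every failed-password line."""
    return [m.groups() for m in map(FAILED.search, log_text.splitlines()) if m]

def per_ip_blocklist(failures, threshold):
    """Per-source view: addresses with at least `threshold` failures."""
    counts = Counter(ip for _, ip in failures)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def distributed_targets(failures, min_sources, min_failures):
    """Per-account view: users failing from many distinct sources."""
    sources, totals = defaultdict(set), Counter()
    for user, ip in failures:
        sources[user].add(ip)
        totals[user] += 1
    return {u: (len(sources[u]), totals[u]) for u in totals
            if len(sources[u]) >= min_sources and totals[u] >= min_failures}

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    # Only the single noisy host crosses the per-source threshold.
    print("per-IP blocklist:", per_ip_blocklist(failures, threshold=5))
    # The account under distributed guessing shows up only in this view.
    print("distributed targets:", distributed_targets(failures, 5, 10))
```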