On Tuesday 18 July 2006 at 15:00 -0500, Michael Yep wrote:
> I have been blocking some IPs because they are brute forcing my ssh
> port. I access this server from many different places so I can't really
> just add a few hosts.
> I'm talking about 36000 attempts in a short time from some IP addresses

pam_abl (in extras) will work for you

The good thing is it works at the pam level and not by parsing logs retroactively like denyhosts. So they can do their attempts in whatever short time they want, they'll get blacklisted anyway. And every pam-using service is protected.

The bad thing is it works at the pam level, it won't interface with iptables like denyhosts so even if it's blocking something you'll still pay some processing time. However I rather like the fact the bad guys have no way to know they are blocked (unlike a firewall-level solution) so they can't optimise attacks by giving up on hosts which have detected them.

Of course if you never change your passwords and want to allow ssh logins from everywhere a low-intensity distributed brute-force attack is going to get you regardless of the solution used. But I don't think crackers are that desperate (yet)

-- 
Nicolas Mailhot
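The behaviour described in the reply above, as an added example that is not part of the original message and is not pam_abl's code: a small Python model of blacklisting at authentication time, where a blocked host gets the same "denied" answer as any wrong password, and where many slow hosts stay under the limit. The `N/period` rule notation, the class and function names, and the choice to keep counting attempts from a blocked host are assumptions of this sketch.

```python
import re
from collections import defaultdict, deque

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """'10/1h,30/1d' -> [(10, 3600), (30, 86400)] (notation assumed for this sketch)."""
    clauses = []
    for clause in rule.split(","):
        m = re.fullmatch(r"(\d+)/(\d+)([smhd])", clause.strip())
        if not m:
            raise ValueError(f"bad rule clause: {clause!r}")
        clauses.append((int(m.group(1)), int(m.group(2)) * UNITS[m.group(3)]))
    return clauses

class InlineBlacklist:
    """Counts failures per host at authentication time, not from logs afterwards."""
    def __init__(self, rule):
        self.clauses = parse_rule(rule)
        keep = max(n for n, _ in self.clauses)
        # Only the newest `keep` failure times can ever decide a clause.
        self.failures = defaultdict(lambda: deque(maxlen=keep))

    def blocked(self, host, now):
        times = self.failures.get(host, ())
        return any(sum(t > now - period for t in times) >= n
                   for n, period in self.clauses)

    def authenticate(self, host, now, password_ok):
        """Return only what the client can observe: True (login) or False (denied)."""
        if self.blocked(host, now) or not password_ok:
            self.failures[host].append(now)  # model choice: blocked attempts count too
            return False
        return True

if __name__ == "__main__":
    bl = InlineBlacklist("10/1h,30/1d")
    # Constructed traffic: one host (documentation address) guessing wrong, fast.
    seen = {bl.authenticate("203.0.113.7", i * 0.01, False) for i in range(36000)}
    print("answers seen by the fast guesser:", seen)
    print("right password while blocked:", bl.authenticate("203.0.113.7", 400, True))
    # Constructed traffic: 500 hosts, 9 wrong guesses each, all under the limit.
    for h in range(500):
        for i in range(9):
            bl.authenticate(f"host-{h}", 1000 + i, False)
    print("slow hosts blocked:", sum(bl.blocked(f"host-{h}", 1010) for h in range(500)))
```

Because the decision is taken inside the authentication call, the speed of the burst does not matter, while the 500 slow hosts illustrate the distributed case the reply says no such counter will catch.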