just a question regarding ssh...

hey...

i know this is a bit off thread/topic, but i'm curious...

it appears that most of the attacks are automated scripts.. so, given that ssh is open, what would be the downside of building in a kind of basic challenge response/question system... much like what you have with yahoo groups/other sites...

since you can't distort some word, given the terminal nature of ssh, would it be possible to insert/force the user to answer some random question, prior to being able to attempt to log into the system??

it's been a long time since i looked at the ssh protocols/handshake mechanisms..

thoughts/comments/etc..

-bruce

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of David Cary Hart
Sent: Monday, May 09, 2005 8:04 AM
To: For users of Fedora Core releases
Subject: Re: attack

On Mon, 2005-05-09 at 16:37 +0200, roland brouwers wrote:
> Hello everybody,
>
> Someone is attacking for a certain time on port SSH2
> He is trying to login as root and uses all kind of usernames.
> See annexed textfile
>
> How can I block a user after x failed logins?
> Can I do something else?

I use the swatch daemon to move them to the firewall after one attempt. I believe that there is a swatch rpm in extras.

--
Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds: http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
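
Added example, not part of the original thread and not swatch's own configuration: a sketch of the "block after x failed logins" check asked about above, run over sshd syslog lines. The log lines, host name, user names and addresses are constructed samples; `sources_to_block` and its parameters are hypothetical names, and the firewall step itself is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd password failures; "illegal user" is the wording of older OpenSSH
# releases, "invalid user" of newer ones. An IPv4-mapped prefix is dropped.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?:::ffff:)?(?P<ip>[0-9a-fA-F.:]+) port \d+"
)

def sources_to_block(lines, max_failures=3, window=timedelta(minutes=10), year=2005):
    """Return source IPs that reach max_failures failures inside the window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    blocked = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in blocked:
            blocked.append(m["ip"])
    return blocked

# Constructed sample log (documentation address ranges, made-up users)
SAMPLE_LOG = """\
May  9 16:30:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
May  9 16:30:03 host sshd[2103]: Failed password for illegal user admin from 192.0.2.10 port 40002 ssh2
May  9 16:30:04 host sshd[2105]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
May  9 16:30:06 host sshd[2107]: Failed password for invalid user test from ::ffff:192.0.2.10 port 40003 ssh2
May  9 16:31:00 host sshd[2110]: Failed password for alice from 198.51.100.7 port 51516 ssh2
May  9 17:40:00 host sshd[2200]: Failed password for alice from 198.51.100.7 port 51600 ssh2
May  9 17:40:05 host sshd[2201]: Failed password for alice from 198.51.100.7 port 51601 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip in sources_to_block(SAMPLE_LOG):
        print("block candidate:", ip)
```

With `max_failures=1` this matches the "after one attempt" policy from the reply, which also catches the legitimate user who mistypes a password once; the time window is what keeps occasional typos spread over a day from adding up to a block.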