On Sun, 2005-10-02 at 21:00 -0700, Vladimir G. Ivanovic wrote: > Has anyone ported sshdfilter to FC4? It seems like such a useful > program now that I'm getting lots of ssh-based attacks. > > http://www.csc.liv.ac.uk/~greg/sshdfilter/ >From that page" >115 attempts becomes 1 attempt - first guess was for root and is >allowed a default of 3 chances, the second guess was for a non-existant >user and so was blocked anyway. I hope that's configurable - ssh to root should never be allowed (I know Fedora enabled by default, turn it off) - so 1 attempt should block :) Also- >107 attempts becomes 1 attempt - first guess was for a valid user >(nobody), second guess was for a non-existant user so was blocked. Any attempt to ssh in as a user with a UID below 100 should be blocked immediately. I would personally recommend any UID below 500 be blocked immediately. -=- Looks like a nifty package for those who have to have ssh exposed to the outside world. I would recommend modifying it though to block anything immediately trying to ssh in to a UID below 500, and be a little more lax on non existing accounts - could be username was a typo from a legitimate user.
