Re: Advice on dealing with scripted SSH attacks? - openssh
I don't know if it is exactly what you are looking for, but I know a lot of people that are using the Ossec HIDS to block these attempts. It analyzes the logs in real time and after a small number of failed logins or invalid users from the same source IP, it blocks this IP for a few minutes (defaults to 6 minutes). It is very easy to install and can be helpful
*a new version has just been released
Daniel B. Cid
dcid @ ( at ) ossec.net
--- "Zembower, Kevin"
> What's the current advice on dealing with scripts that repeatedly try to log onto SSH using a list of common usernames and 'password' for the password? I get up to 4,000 of these a day from a single server. In searching Google on this, I've learned of techniques using PAM and firewall rules that are created dynamically in response to log-in
> Can someone point out a link or tell me what they think are the best practices for dealing with this? Sooner or later, one of my users is going to have the unfortunate combination of a common user name and a bad password.
> Ideally, what I'd like would be a system that exponentially increases the timeout period after each repeated failed login attempt from the same host up to a maximum of 10-20 minutes before
> Thanks for your advice.
> -Kevin Zembower
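
The behaviour discussed in this thread (block a source IP after a few failed or invalid-user logins, with the block time doubling on each repeat up to a 20-minute cap), as an added example that is not part of the original messages and is not OSSEC's code. The threshold, window, base block time, the `plan_blocks` name and the sample log lines are assumptions constructed for illustration; the function only computes the block schedule and does not touch a firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed tunables; only the 20-minute cap comes from the question above.
THRESHOLD = 3        # failures inside WINDOW that trigger a block
WINDOW = 120         # seconds
BASE_BLOCK = 60      # first block, seconds; doubles on every repeat
MAX_BLOCK = 20 * 60  # cap, seconds

# Matches OpenSSH syslog lines for failed passwords and invalid users.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})\b")

def plan_blocks(lines, year=2000):
    """Return [(ip, time_of_trigger, block_seconds)] for sshd log lines."""
    recent = defaultdict(deque)  # ip -> timestamps of failures in the window
    strikes = defaultdict(int)   # ip -> blocks already issued
    blocked_until = {}           # ip -> time the current block ends
    blocks = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        stamp, ip = m.groups()
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc).timestamp()
        if ts < blocked_until.get(ip, 0):
            continue  # a real block would already have dropped this attempt
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) >= THRESHOLD:
            duration = min(BASE_BLOCK * 2 ** strikes[ip], MAX_BLOCK)
            strikes[ip] += 1
            blocked_until[ip] = ts + duration
            blocks.append((ip, stamp, duration))
            q.clear()
    return blocks

# Constructed sample input (documentation-range addresses).
PFX = "Mar  3 {} host sshd[411]: "
SAMPLE = [PFX.format(t) + msg for t, msg in [
    ("10:00:01", "Failed password for invalid user admin from 203.0.113.5 port 4222 ssh2"),
    ("10:00:03", "Invalid user test from 203.0.113.5 port 4223"),
    ("10:00:05", "Failed password for root from 203.0.113.5 port 4224 ssh2"),
    ("10:00:30", "Failed password for root from 203.0.113.5 port 4225 ssh2"),
    ("10:00:40", "Accepted password for kevin from 198.51.100.7 port 5022 ssh2"),
    ("10:01:10", "Failed password for root from 203.0.113.5 port 4226 ssh2"),
    ("10:01:12", "Failed password for root from 203.0.113.5 port 4227 ssh2"),
    ("10:01:14", "Failed password for root from 203.0.113.5 port 4228 ssh2")]]
```

Running `plan_blocks(SAMPLE)` yields a 60-second block followed by a 120-second block for the same address; the attempt at 10:00:30 falls inside the first block and is not counted.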