Hi everybody
I have seen an article about configuring active-response to block SSH 
bruteforce on https://wazuh.com/blog/blocking-attacks-active-response/

I have configured the direction and added some SSH-related rules, hoping 
that it would prevent the attack, but it doesn't work.
I configured the following in ossec.conf:
<command>
    <name> firewall-drop </name>
    <executable> firewall-drop.sh </executable>
    <expect> srcip </expect>
    <timeout_allowed> yes </timeout_allowed>
</command>

<active-response>
    <command> firewall-drop </command>
    <location> local </location>
    <rules_id> 5712,5716,5720 </rules_id>
    <timeout> 1800 </timeout>
</active-response>

I still find the password to log in after brute-forcing. I use the following 
command to attack:
hydra -l agent -P /home/attacker/Desktop/list.txt 192.168.10.2 -t 4 ssh

Is there any way the active-response can prevent this?
Thanks, everyone.
