yeh, common dude he just avoided a problem or was it a intentional
backdoor? A better way could be blocking the rate of no of SYN to port
22 by iptables form any IP itself. (yeh, whitelist few first)
see thats the reason to use KEY instead of passwd.
On 3/1/06, GroundZero Security <[EMAIL PROTECT
On 3/1/06, GroundZero Security <[EMAIL PROTECTED]> wrote:
> Well i had a few minutes time, so i updated the script a bit.
>
> I did not use lastb though, as it wouldnt work (read the manpage.)
> Anyhow, maybe someone found it usefull so here is v.0.2 :
>
> http://www.groundzero-security.com/cod
GroundZero Security wrote:
> Well i had a few minutes time, so i updated the script a bit.
>
> I did not use lastb though, as it wouldnt work (read the manpage.)
> Anyhow, maybe someone found it usefull so here is v.0.2 :
>
> http://www.groundzero-security.com/code/bruteforce-block.sh
>
> An
Well i had a few minutes time, so i updated the script a bit.
I did not use lastb though, as it wouldnt work (read the manpage.)
Anyhow, maybe someone found it usefull so here is v.0.2 :
http://www.groundzero-security.com/code/bruteforce-block.sh
Any suggestions are welcome, insults and flam
Well, as expected, this, like most postings here, generated much heat and
actually a little light :) Particular thanks to those who went to the
effort to write scripts to read log files and make a more permanent
reaction than iptables --hashlimit provides, and to further take the
expected heat
On 2/28/06, GroundZero Security <[EMAIL PROTECTED]> wrote:
> you may be able to add a bogus ip (wow your l33t), but it wouldnt be of any
> use so...
Uhh, no use? -s accepts a netmask as well as addresses, it's not just
"add a bogus ip", I can effectively kick your machine off the network.
Apart f
those bruteforce attacks?
- Original Message -
From: "Gary Leons" <[EMAIL PROTECTED]>
To: "GroundZero Security" <[EMAIL PROTECTED]>
Cc: "Jay Libove" <[EMAIL PROTECTED]>;
Sent: Tuesday, February 28, 2006 10:52 PM
Subject: Re: [Full-disclo
On 2/28/06, GroundZero Security <[EMAIL PROTECTED]> wrote:
> Hello,
>
> i made a small bash script last year to block those bruteforce attempts
> automatically via the firewall.
> In case someone is interested, i released it on our website. Someone may have
> a use for it :-)
> http://www.groundz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
was fail2ban ( http://fail2ban.sourceforge.net/ ) already mentioned?
It works like -sk's script. It searches your auth.log (or wherever your
sshd messages go to) for all typical sshd failure-messages.
After a user-defined count of "n" login failu
o make any copies or
relay this E-Mail.
- Original Message -
From: "Jay Libove" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, February 28, 2006 2:23 AM
Subject: [Full-disclosure] reduction of brute force login attempts via SSH
through iptables --hashlimit
> Quite some time
I haven't tried this myself, and I don't know if it is already
suggested, but this should stop all the pesky scriptkiddies from
filling up your logs. Might prove to be a better solution, who knows:
http://aplawrence.com/Security/sshloginattack.html
Matthijs
Quite some time back, I posted a question here about brute force login
attempts through SSH which had recently become a noticeable annoyance.
There was some discussion here on the list, someone suggested using
hashlimit, and I think the issue of brute force attempts through SSH has
become just
12 matches
Mail list logo