[net] user connection to sshd
tensai at zmonkey.org
Sun Jul 10 23:52:38 MDT 2005
On Sat, 2005-07-09 at 23:05 -0600, Jeff Schroeder wrote:
> 2) It would be clever and effective to have some process running on your
> server, and when it detected multiple failed SSH login attempts, it
> would add a rule to a running iptables ruleset to block that IP. This
> is reactive, rather than proactive, but stops repeated hits from the
> same place.
That /would/ be pretty cool. I wonder if anybody has written such a
thing. Oh, yeah. *I* did! It's called SSH Lockout.
Version 0.4.0 now supports CIDR whitelists, syslog and sports a spiffy
new SYS V init script. Contributions are always welcome. I've been
running it on my servers for quite some time and found it extremely
> I imagine after a few days you'd have an impressive blacklist. ;)
Well, by default it automatically removes the firewall rule after a
while. I've never thought about publishing my results. Anybody think
that would actually be useful?
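The approach discussed in this thread (count failed sshd logins per source address, block the address with iptables, honor a CIDR whitelist, remove the rule after a while), as an added sketch that is not SSH Lockout's code and not part of the original message. The log line format, thresholds, whitelist range and the exact iptables rule are assumptions, and the code returns the commands instead of running them.

```python
import ipaddress
import re
from collections import defaultdict, deque

MAX_FAILURES, WINDOW, BLOCK_FOR = 3, 60, 600  # assumed values, not SSH Lockout's defaults
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]  # constructed CIDR whitelist
# Greedy ".*" with "$" takes the last "from <addr>", so the username cannot supply it.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")

def rule(action, ip):  # action: "I" inserts the DROP rule, "D" deletes it
    return f"iptables -{action} INPUT -s {ip} -p tcp --dport 22 -j DROP"

class Lockout:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked = {}                   # ip -> time the block expires

    def feed(self, now, line):
        """Handle one log line seen at time `now`; return commands to run."""
        cmds = [rule("D", ip) for ip, end in self.blocked.items() if end <= now]
        self.blocked = {ip: end for ip, end in self.blocked.items() if end > now}
        if not (m := FAILED.search(line)):
            return cmds
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            return cmds  # not an IPv4 literal: never reaches a command line
        key = str(ip)
        if key in self.blocked or any(ip in net for net in WHITELIST):
            return cmds
        recent = self.failures[key]
        recent.append(now)
        while recent[0] <= now - WINDOW:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.blocked[key] = now + BLOCK_FOR
            del self.failures[key]
            cmds.append(rule("I", key))
        return cmds

# Constructed sample: (seconds, syslog line) pairs using documentation addresses.
MSG = "Jul 10 23:50:01 host sshd[4242]: Failed password for invalid user admin from {} port 40022 ssh2"
SAMPLE = [(t, MSG.format("203.0.113.7")) for t in (0, 10, 20)] + [(700, "host sshd[4250]: session closed")]

def replay(events):
    lockout = Lockout()
    return [cmd for now, line in events for cmd in lockout.feed(now, line)]

print("\n".join(replay(SAMPLE)))
```

Expiry is checked whenever a log line arrives, so on a quiet log a real daemon would also need a timer to remove stale rules.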