[clug-talk] SSHD - under attack
Dan Graham
grahamdk at telus.net
Wed Jul 5 22:15:24 PDT 2006
On Wednesday 05 July 2006 22:15, Peter Van den Wildenbergh wrote:
> I got an IPCop firewall; is there any way I can automate a temporary block
> (DROP package IP table rule) for source address after 3 unsuccessful
> attempts from the same IP? The ssh server is sitting behind the IPCop.
>
> Snort maybe? Although I don't know that product.
> Any 'known' easy plug-ins for IPCop?
Maybe just disable passwords on ssh and use keys instead. A much better
explanation can be found here http://la-samhna.de/library/brutessh.html
along with a number of other methods for dealing with brute force attempts on
ssh.
All the best, Dan
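
Added example, not part of the original post or the linked article: a small Python audit that reads sshd_config text and reports where password-style logins are still possible after switching to keys. It assumes stock OpenSSH semantics (the first value seen for a keyword wins, Match blocks override the global section), does not follow Include directives, and runs on constructed sample configs.

```python
import re

# OpenSSH defaults for the keywords that decide whether a password can be used.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return (global settings, [(match criteria, overrides), ...])."""
    global_cfg, matches, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # simplification: drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                        # later lines belong to this block
            current = {}
            matches.append((value, current))
        elif key in DEFAULTS:
            target = global_cfg if current is None else current
            target.setdefault(key, value.lower())  # first value wins
    return global_cfg, matches

def audit(config_text):
    """List findings where password-style logins remain possible."""
    global_cfg, matches = effective_settings(config_text)
    eff = {**DEFAULTS, **global_cfg}
    findings = []
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if eff[key] != "no":
            findings.append(f"global: {key} is {eff[key]}")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is off, keys cannot be used")
    for criteria, overrides in matches:
        for key, value in overrides.items():
            if key != "pubkeyauthentication" and value != "no":
                findings.append(f"Match {criteria}: {key} is {value}")
    return findings

# Constructed sample configs (addresses are documentation ranges).
WEAK = """PasswordAuthentication no
PasswordAuthentication yes          # ignored: the first value already won
ChallengeResponseAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"

if __name__ == "__main__":
    print("\n".join(audit(WEAK)) or "no findings")
```

The output of `sshd -T` on the server itself is the authoritative view of the effective settings; a text check like this is for reviewing a config before it is deployed.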