SSH and login attack
Tarjei Knapstad
tarjei.knapstad at predichem.com
Mon Jun 20 14:34:26 UTC 2005
On Sat, 2005-06-18 at 16:27, Dan Hollis wrote:
> On Sat, 18 Jun 2005, Mike Pepe wrote:
> > Thomas Cameron wrote:
> > > These attacks appear to me to fire multiple concurrent connections to
> > > get around the delay.
> > Possibly. I found a script out there and modified it a bit, this will
> > block the attacker after opening up 3 concurrent connections in 60 seconds:
>
> I prefer pam_abl myself: http://www.hexten.net/sw/pam_abl/index.mhtml
>
> It automatically blacklists IPs which fail more than X logins in a
> user-specified time. All attempts after that fail, even if the user+pass
> supplied is correct.
>
Excellent tip Dan, thanks a lot!
--
Tarjei
More information about the fedora-test-list
mailing list