Am 06.01.2007 um 16:27 schrieb Michael Rash:
On Jan 06, 2007, Jan Engelhardt wrote:
I've seen a few references here to scripts that monitor attacks and
dynamically update iptables rules to knock down the attacks. Can
anyone
provide some good research starting points or sample scripts that
they use?
denyhosts.sf.net?
While denyhosts is a good concept, I question whether it provides a
real
security benefit. If a new remotely exploitable vulnerability is
discovered in OpenSSH (or other ssh implementation) it will most likely
have nothing to do with trying to brute force passwords. Doing a quick
search through http://www.securityfocus.com/bid/ turns up recent SSH
security issues (not necessarily highly critical, but it is only a
matter of time).
.. its recommendable as a second instance of a "firewall" framework.
--
This sounds also good: http://fail2ban.sourceforge.net
Best Regards
CM
