Home page logo

basics logo Security Basics mailing list archives

Re: SSH server under attack...
From: gmHumfrey () yahoo com
Date: 26 Jan 2006 04:21:06 -0000

When a machine I support was getting a significant number of ssh password attempts I went searching and found a utility 
called Daemonshield (http://sourceforge.net/projects/daemonshield/ ) .  You can configure it to block the IP address 
that the attempts are coming from, for a time period that you specify.  In the case of the aforementioned system, I set 
the parameters to 5 attempts locks out for 24 hours. If the system you are supporting as more public requirements you 
may have to set the lockout value a little higher. In this case, your attacker will likely try different IP addresses, 
but at 5 attempts per IP address per 24 hours (or whatever you set) they aren't going to get anywhere fast.  Please be 
aware your attacker can still flood your system with attempts and create a DoS .   

Best Regards

Mike Webb

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]