Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: reduction of brute force login attempts via SSHthrough iptables --hashlimit
From: "Gary Leons" <tastytastybeef () googlemail com>
Date: Thu, 2 Mar 2006 15:43:24 +0000

On 3/2/06, GroundZero Security <fd () g-0 org> wrote:

After all it works. There are always more ways to do it, but if its -A1 or
-1 really doesnt matter at all, its just you have to be pedantic over it i guess.
Yep im not a bash guru maybe,but i really dont care much for optimization
on a lame script like this as long as it WORKS and is not insecure.

If you really think it sucks sooo much that you cant take it, then before you reply to this mail now,
go and optimize it and send your version to FD then you can be happy and feel superior :-)


for i in `lastb -ai | awk '{print $(NF)}' | sort | uniq -c | sort -n |
awk '{if ($1 >= 7) print $2}'`; do
    if ! grep -q "sshd: ${i}" /etc/hosts.deny; then
        printf "# %s\nsshd: %s\n" "`date`" "${i}" >> /etc/hosts.deny

5 lines, adds hosts with more than 7 failed logins to hosts.deny, run
it from cron.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]