Hello,

I must say that it is very interesting to watch the logs on my hosts for the last 4-5 months, because the volume of ssh attempted/failed logins has become really large. It's a rather new trend to go brute force on some hosts.....so you can look at your logs and see a few hundred attempts at guessing passwords.

I must say that the only really good approach to solving this problem was creating the following procedure....

I have 10 servers.....and this is the general idea....

When one of the servers detects 5 logins in a row from the same IP ADDRESS in a given time, it marks that IP and stores it in a database...and when other hosts detect failed logins...they check the database and if the host is marked BAD they put it in IPTABLES -j DROP.

With this approach I have a ring of detect/protect systems that guards from potential 31337 crackers ......

The whole idea is bigger than this...but I leave it to your imagination....because it's really easy to extend this idea to anything......
sy.
Nikola.
Received on Jul 05 2006
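
The procedure described in the message above, as an added sketch that is not code from the original post. It assumes OpenSSH-style syslog lines, a 60-second window for "given time", SQLite standing in for the shared database, and a hypothetical `bad_hosts` table; the log lines are constructed samples.

```python
import ipaddress, re, sqlite3
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD, WINDOW = 5, 60   # assumed: 5 failures within 60 seconds
# Anchored at the end of the line, so text placed in the username field
# cannot supply the address that gets marked.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r".* from (\S+) port \d+(?: ssh2)?$")

def open_db(path=":memory:"):
    # SQLite stands in for the database shared by all hosts (assumption).
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS bad_hosts (ip TEXT PRIMARY KEY, marked_at TEXT)")
    return db

def detect(lines, db, year=2006):
    """Detecting host: mark an IP after THRESHOLD failures within WINDOW seconds."""
    recent = defaultdict(deque)
    for line in lines:
        m = FAILED.match(line.rstrip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))   # accept only a real address
        except ValueError:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > WINDOW:      # slide the time window
            q.popleft()
        if len(q) >= THRESHOLD:
            db.execute("INSERT OR IGNORE INTO bad_hosts VALUES (?, ?)", (ip, ts.isoformat()))
    db.commit()

def drop_rule(db, ip):
    """Other hosts: return the iptables argv if ip is marked bad, else None."""
    ip = str(ipaddress.ip_address(ip))
    if db.execute("SELECT 1 FROM bad_hosts WHERE ip = ?", (ip,)).fetchone():
        return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]
    return None

# Constructed sample log lines (documentation address ranges).
SAMPLE = [f"Jul  5 10:00:{s:02d} host1 sshd[4242]: Failed password for root "
          f"from 192.0.2.10 port 40000 ssh2" for s in range(0, 10, 2)]
SAMPLE += [f"Jul  5 10:{m:02d}:00 host1 sshd[4250]: Failed password for invalid user "
           f"admin from 198.51.100.7 port 40001 ssh2" for m in range(10, 60, 10)]

if __name__ == "__main__":
    db = open_db()
    detect(SAMPLE, db)
    print(drop_rule(db, "192.0.2.10"), drop_rule(db, "198.51.100.7"))
```

`drop_rule` returns an argument list rather than a command string, so a caller can pass it to `subprocess.run` without a shell.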