[Tfug] Throttling SSHD

Jon bigj at tfug.org
Wed Nov 30 15:34:35 MST 2005


Adrian said:
> On Tuesday 29 November 2005 19:43, Mike Martinet wrote:
> [snip]
>> This is getting out of hand!
>>
>> unknown (221.165.2.59): 1707 Time(s)
>> root (210.219.251.113): 640 Time(s)
>> unknown (210.219.251.113): 344 Time(s)
>
> That was me.... In addition to the other posts of groups/false shells, I
> would suggest disabling root access via SSH (since that is the most
> valuable target that most attempts target), via "PermitRootLogin no" in
> the sshd_config file.
>
> Also, some tools for banning clients:
> fail2ban http://fail2ban.sourceforge.net/
> denyhosts http://denyhosts.sourceforge.net/
> pam_abl http://www.hexten.net/pam_abl/
> sshdfilter http://www.csc.liv.ac.uk/~greg/sshdfilter/
>


I prefer http://www.rfxnetworks.com/. It appears to be down right now
though. It's easy to set up (for me anyways) and allows blocking of IPs for
failed connections of numerous services (ftp, ssh, telnet, pop, imap, etc.).

I use it mainly at work as several servers were getting hammered with the
same crap as the rest of you. Works great.

--
Jon
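
Added example, not part of the original thread and not code from any of the tools named in it: a minimal tally of failed SSH logins per account and source address, in the style of the summary quoted above, plus the list of addresses a ban tool would act on. The log lines are constructed, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# OpenSSH "Failed password" lines. Older releases log "illegal user" and newer
# ones "invalid user" for accounts that do not exist. The pattern is anchored
# to the end of the line and the user field is greedy, so the address is taken
# from the part sshd wrote last, not from text inside the attempted username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for "
    r"(?P<bad>(?:invalid|illegal) user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?\s*$"
)

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    "Nov 29 19:40:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2",
    "Nov 29 19:40:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2",
    "Nov 29 19:40:05 host sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2",
    "Nov 29 19:40:09 host sshd[1004]: Failed password for illegal user test from 198.51.100.9 port 51000 ssh2",
    "Nov 29 19:41:00 host sshd[1005]: Accepted password for mike from 192.0.2.10 port 52000 ssh2",
    "Nov 29 19:41:30 host sshd[1006]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.9 port 51001 ssh2",
]

def tally(lines):
    """Count failures per (account, source IP); nonexistent accounts are 'unknown'."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            user = "unknown" if m.group("bad") else m.group("user")
            counts[(user, m.group("ip"))] += 1
    return counts

def offenders(counts, threshold):
    """Source IPs whose failures, summed over all accounts, reach the threshold."""
    per_ip = Counter()
    for (_user, ip), n in counts.items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

def report(counts):
    """Summary lines in the 'account (ip): N Time(s)' form quoted in the thread."""
    return [f"{user} ({ip}): {n} Time(s)" for (user, ip), n in counts.most_common()]

if __name__ == "__main__":
    counts = tally(SAMPLE)
    print("\n".join(report(counts)))
    print("block:", offenders(counts, threshold=3))
```

The last sample line carries an address inside the attempted username; the end-anchored pattern attributes the failure to the address sshd logged, so 192.0.2.10 is never counted.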

