[Tfug] Stopping repeated login attempts
Jon
bigj at voipmogul.net
Thu Jan 28 09:03:12 MST 2010
John Gruenenfelder wrote:
> On Mon, Jan 25, 2010 at 10:57:13PM -0700, Louis Taber wrote:
>
>> Denyhosts looks interesting: http://stats.denyhosts.net/stats.html
>>
>> What works best for the effort needed to set it up?
>> What is going to require the least long term maintenance?
>>
>> Thanks. - Louis
>>
>
> I second the use of DenyHosts. I'm using it on all of my machines with Net
> exposed SSH access. It is very fast and easy to set up and it works wonders
> against brute force attacks and will stop them in very short order.
>
> It also recognizes the difference between a remote attacker trying random
> users and somebody repeatedly going after an existing account. You can make
> it more or less lenient towards different types of "attacks" so that you don't
> accidentally lock somebody out who is a lousy typist. DenyHosts can also
> reset the counters upon successful login, if you wish, which significantly
> lowers the chances of accidental lockout.
>
> Lastly, I find it much more robust than an inetd or sshd based solution and
> much easier to handle than a firewall-only based one.
>
>
>
No, no, no. According to some experts on this list you just change the
port number and your problem is solved. Why would you want to *actually*
fix the problem when you can just "move" the problem hoping no one finds
it again?
Where's the "SarcMark" when you need one :)
--
Jon
www.VoIPmogul.net
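
The per-host counting that the quoted message describes (separate leniency for nonexistent and existing accounts, with an optional reset on successful login) can be sketched as follows. This is an added example, not part of the thread and not DenyHosts' own code; the thresholds, function names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Thresholds are assumptions chosen for this illustration, not DenyHosts defaults.
THRESHOLD_INVALID = 3  # failed logins for accounts that do not exist
THRESHOLD_VALID = 5    # failed logins for real accounts (room for typos)

# Matches the usual OpenSSH password-auth log messages.
LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def hosts_to_deny(lines, reset_on_success=True):
    """Return the source IPs whose failure counts reach a threshold."""
    invalid, valid, denied = defaultdict(int), defaultdict(int), set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["ip"] in denied:
            continue
        ip = m["ip"]
        if m["result"] == "Accepted":
            if reset_on_success:  # a good login clears earlier typos
                invalid[ip] = valid[ip] = 0
            continue
        if m["invalid"]:
            invalid[ip] += 1
        else:
            valid[ip] += 1
        if invalid[ip] >= THRESHOLD_INVALID or valid[ip] >= THRESHOLD_VALID:
            denied.add(ip)
    return denied

def _fail(user, ip, invalid=False):
    """Build one constructed 'Failed password' log line."""
    prefix = "invalid user " if invalid else ""
    return f"sshd[100]: Failed password for {prefix}{user} from {ip} port 4000 ssh2"

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = (
    [_fail(u, "203.0.113.5", invalid=True) for u in ("admin", "test", "oracle")]
    + [_fail("alice", "198.51.100.7")] * 4   # lousy typist ...
    + ["sshd[100]: Accepted password for alice from 198.51.100.7 port 4000 ssh2"]
    + [_fail("alice", "198.51.100.7")] * 2   # ... who slips again later
    + [_fail("bob", "192.0.2.9")] * 5        # repeated tries at one real account
)

if __name__ == "__main__":
    print(sorted(hosts_to_deny(SAMPLE_LOG)))
    print(sorted(hosts_to_deny(SAMPLE_LOG, reset_on_success=False)))
```

With the reset enabled, only the two hostile sources are denied; with it disabled, alice's host is locked out as well because her six failures accumulate across the successful login.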