Re: SSH: Intercepting brute-force attacks?
- Subject: Re: SSH: Intercepting brute-force attacks?
- From: Michael Lestinsky <michael.lestinsky@xxxxxxxxxxxxx>
- Date: Wed, 24 Jan 2007 13:04:43 +0100
- To: uugrn@xxxxxxxxxxxxxxx
Michael Lestinsky wrote on 24.01.2007:
> Brute-force attacks via SSH

I just discovered this project in the FreeBSD ports tree:

.-----
| michael@mobi:~> portsearch -d denyhosts
| /usr/ports/security/denyhosts
|
| DenyHosts is a script intended to be run by *ix system administrators to
| help thwart ssh server attacks.
|
| If you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed
| to see how many hackers attempted to gain access to your server.
| Denyhosts helps you:
| - Parses /var/log/auth.log to find all login attempts
| - Can be run from the command line, cron or as a daemon (new in 0.9)
| - Records all failed login attempts for the user and offending host
| - For each host that exceeds a threshold count, records the evil host
| - Keeps track of each non-existent user (eg. sdada) when a login attempt failed.
| - Keeps track of each existing user (eg. root) when a login attempt failed.
| - Keeps track of each offending host (hosts can be purged )
| - Keeps track of suspicious logins
| - Keeps track of the file offset, so that you can reparse the same file
| - When the log file is rotated, the script will detect it
| - Appends /etc/hosts.allow
| - Optionally sends an email of newly banned hosts and suspicious logins.
| - Resolves IP addresses to hostnames, if you want
|
| WWW: http://denyhosts.sourceforge.net/
`-----

And related:
http://freebsd.munk.me.uk/archives/209-Block-Brute-Force-Attacks-Against-sshd-and-proftpd-Using-blockhosts.html

I will take a thorough look at both projects.

Bye,
Michael

--
Michael Lestinsky                 Max-Planck-Institut fuer Kernphysik
michael.lestinsky@xxxxxxxxxxxxx   Saupfercheckweg 1; 69117 Heidelberg
Phone +49 6221 516-202 Fax -602   http://www.mpi-hd.mpg.de
--
http://mailman.uugrn.org/mailman/listinfo/uugrn
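
The steps in the port description quoted above (parse auth.log, count failures per host, compare against a threshold, remember the file offset, notice rotation, produce hosts.allow entries) can be sketched as follows. This is an added example, not part of the original post and not DenyHosts' own code. Assumptions: the log lines are constructed samples, rotation is detected only by the file shrinking, the rule text uses the tcp_wrappers `daemon : host : deny` form, and all function names are hypothetical.

```python
import os, re, tempfile
from collections import Counter

# Constructed sample in the style of sshd entries in /var/log/auth.log.
SAMPLE = """\
Jan 24 12:00:01 mobi sshd[811]: Failed password for invalid user sdada from 192.0.2.10 port 4711 ssh2
Jan 24 12:00:03 mobi sshd[811]: Failed password for root from 192.0.2.10 port 4712 ssh2
Jan 24 12:00:05 mobi sshd[812]: Failed password for root from 192.0.2.10 port 4713 ssh2
Jan 24 12:00:09 mobi sshd[813]: Failed password for michael from 198.51.100.7 port 5001 ssh2
Jan 24 12:00:12 mobi sshd[814]: Accepted publickey for michael from 198.51.100.7 port 5002 ssh2
"""

# The host is taken from the fixed tail of the line, because the user name
# in front of it is text chosen by the remote side.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
                    r".* from (?P<host>\S+) port \d+ ssh\d$")

def read_new_lines(path, offset):
    """Return (complete new lines, new offset); start over if the file shrank (rotation)."""
    if os.path.getsize(path) < offset:
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1          # ignore a half-written last line
    return data[:end].decode("utf-8", "replace").splitlines(), offset + end

def count_failures(lines, counts=None):
    """Add failed sshd password logins per source host to counts."""
    counts = Counter() if counts is None else counts
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group("host")] += 1
    return counts

def deny_rules(counts, threshold, never_block=()):
    """hosts.allow lines for hosts whose failure count exceeds threshold."""
    return [f"sshd : {h} : deny" for h, n in sorted(counts.items())
            if n > threshold and h not in never_block]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        with open(log, "w") as fh:
            fh.write(SAMPLE)
        lines, offset = read_new_lines(log, 0)
        print(deny_rules(count_failures(lines), threshold=2), offset)
```

The `never_block` argument is there so that an administrator's own addresses are never turned into a deny rule by a few mistyped passwords.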