[TriLUG] Fw: TALUG: Preventing SSH Dictionary Attacks With DenyHosts

Jon Carnes jonc at nc.rr.com
Mon Feb 20 23:45:31 EST 2006


Like everything in Linux, it is very trivial. I had already programmed my
firewall to read a list of IP addresses from a file I named "banned" and
block those IPs. DenyHosts keeps a simple text list of IPs that are
denied... the same format as my "banned" file. I pointed my firewall at
the file maintained by DenyHosts and then I simply added a line that
makes my firewall re-read that file whenever DenyHosts adds a new bad guy
to the list.

As the Irish say:
  Fool me once, shame on ye.
  Fool me twice, shame on me!

Hosts that try to break into my servers don't get a second chance, at
least I do my best to prevent it.

Jon
 
On Mon, 2006-02-20 at 17:01, David McDowell wrote:
> Could you share your modification?  I'm curious.  :D  thanks!
> 
> 
> On 20 Feb 2006 10:35:20 -0500, jonc <jonc at nc.rr.com> wrote:
> > I've been using DenyHosts for a while now and I love it. I modified it so
> > that it denies all services from any host that attempts the ssh attack.
> > Amazingly enough that seems to have also cut down on my virus traffic...
> > hmmm could there be a correlation here?
> >
> > Jon
> >
> > On Mon, 2006-02-20 at 09:26, Kevin Otte wrote:
> > > As this topic has come up quite a bit:
> > >
> > > ----- Forwarded message from Jason Bechtel <jasonmbechtel at gmail.com> -----
> > >
> > > Date: Mon, 20 Feb 2006 13:47:31 +0000
> > > From: Jason Bechtel <jasonmbechtel at gmail.com>
> > > To: talug at talug.org
> > > Subject: TALUG: Preventing SSH Dictionary Attacks With DenyHosts
> > > Reply-To: talug at talug.org
> > >
> > > <-------- TALUG Info: http://www.talug.org -------->
> > >
> > > The comments to this Howto are as good as the article...  The upshot:
> > > There are lots of ways to do it.  Are you using at least one?
> > >
> > > http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
> > >
> > > _______________________________________________
> > > talug mailing list
> > > talug at talug.org
> > > http://bridge.uniqsys.com/mailman/listinfo/talug
> > >
> > > ----- End forwarded message -----
> > >
> > > --
> > > Kevin Otte, N8VNR
> > > nivex at nivex.net
> > > http://www.nivex.net/
> > >
> > > -=-
> > >
> > > "Those who cannot remember the past are condemned to repeat it."
> > > -- George Santayana
> > >
> > > "It seems no one reads Santayana anymore."
> > > -- Cdr. Susan Ivanova, Babylon 5
> >
> > --
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
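
An added example, not part of the thread and not Jon's actual modification: one way a firewall reload step could turn a deny list into an all-services block while refusing malformed lines and allowlisted addresses. It assumes an iptables firewall, one IPv4 address per line in the list, and a hypothetical chain named BANNED; all addresses are constructed documentation ranges.

```python
import ipaddress

def parse_ban_file(lines, allowlist=()):
    """Return (sorted unique addresses, rejected lines) from a deny list."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    banned, rejected = set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not entry:
            continue
        try:
            # Strict parse: anything that is not exactly one IPv4 address
            # never reaches the ruleset, so a bad line cannot inject options.
            addr = ipaddress.IPv4Address(entry)
        except ValueError:
            rejected.append(raw.rstrip("\n"))
            continue
        if any(addr in net for net in allowed):
            rejected.append(raw.rstrip("\n"))   # never lock out trusted hosts
            continue
        banned.add(addr)
    return sorted(banned), rejected

def build_ruleset(addresses, chain="BANNED"):
    """Build iptables-restore input that repopulates one dedicated chain.

    Assumption: the chain is hooked once elsewhere (-A INPUT -j BANNED) and
    the text is loaded with `iptables-restore --noflush`, which flushes and
    refills only the chain declared here in a single commit.
    """
    out = ["*filter", f":{chain} - [0:0]"]
    out += [f"-A {chain} -s {a}/32 -j DROP" for a in addresses]
    out.append("COMMIT")
    return "\n".join(out) + "\n"

# Constructed sample deny list, including lines that must be refused.
SAMPLE = """\
# constructed sample
192.0.2.10
198.51.100.7
192.0.2.10
203.0.113.5   # office NAT, allowlisted below
999.1.1.1
192.0.2.99 -j ACCEPT
"""

if __name__ == "__main__":
    ips, bad = parse_ban_file(SAMPLE.splitlines(), ["203.0.113.0/24"])
    print(build_ruleset(ips), end="")
    for line in bad:
        print("rejected:", line)
```

Logging the rejected lines matters here: the list is written by another process, and a line that fails validation is a sign the file was edited or corrupted.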



