RE: [MLUG] Debian SSH root access keys

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG Members <EMAIL:PROTECTED>
Subject: RE: [MLUG] Debian SSH root access keys
From: Mike Miller <EMAIL:PROTECTED>
Date: Fri, 16 May 2008 00:34:05 -0500 (CDT)
Delivery-date: Fri, 16 May 2008 00:34:26 -0500
Envelope-to: EMAIL:PROTECTED
In-reply-to: <EMAIL:PROTECTED>
References: <EMAIL:PROTECTED><EMAIL:PROTECTED><EMAIL:PROTECTED><EMAIL:PROTECTED> <EMAIL:PROTECTED> <EMAIL:PROTECTED>
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

On Thu, 15 May 2008, Nowlin, Dan wrote:

It is a perl script that runs as a service. It monitors your security log or whatever log sshd reports to for invalid login attempts. If it detects X number of invalid login attempts from the same IP then it puts that IP in a blacklist in iptables. It also keeps a log of how long that IP has been blocked and removes it after so many days. This way your blacklist does not get too long.

I'll have to try sshblacklist one of these days. Sounds like a great design.

Mike

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

References:
- [MLUG] Debian SSH root access keys
  - From: Mike Miller <EMAIL:PROTECTED>
- Re: [MLUG] Debian SSH root access keys
  - From: Daniel Nowlin <EMAIL:PROTECTED>
- Re: [MLUG] Debian SSH root access keys
  - From: Mike Miller <EMAIL:PROTECTED>
- RE: [MLUG] Debian SSH root access keys
  - From: "Nowlin, Dan" <EMAIL:PROTECTED>
- RE: [MLUG] Debian SSH root access keys
  - From: Mike Miller <EMAIL:PROTECTED>
- RE: [MLUG] Debian SSH root access keys
  - From: "Nowlin, Dan" <EMAIL:PROTECTED>

Prev by Date: RE: [MLUG] Debian SSH root access keys
Next by Date: Re: [MLUG] Debian SSH root access keys
Previous by thread: RE: [MLUG] Debian SSH root access keys
Next by thread: [MLUG] Linux and domain question
Index(es):
- Date
- Thread