I can't believe that I'm the only person with this, so it's probably
worth asking.
I'm one of the (many) people who has opportunists trying usernames and
passwords against SSH... while every effort has been made to secure this
service by configuration; strong passwords; no root login remotely etc.
I would still prefer to block sites using obvious dictionary attacks
against me.
I used to use DenyHosts - but that became annoying as it used rather a
lot of resources (and relied upon tcp wrappers... which, I'm informed
are somewhat old-fashioned)
I migrated to try using iptables as my firewall and using blacklist.py -
which I got working after some minor config-tweaking. I'm aware that
there is configuration in the blacklist.py script for BLOCKING_PERIOD -
but what I really miss the "blocked forever" nature of the DenyHosts
alternative.... though I prefer every other aspect of the
iptables/blacklist.py approach.
Has anyone else resolved this? As far as I'm concerned, once I detect
someone has attempted a brute force (which blaclist.py does
fantastically well) what I want is for no further communication to be
accepted from the IP address - even after I reboot etc. While I don't
know which sites I want to be accessible from in advance, I can be sure
none of them would launch a brute force attack against me. :-)
Recommendations?
I'm looking for the neatest Gentoo way to do this... rather than
recommendations for how to write something to do what I want from scratch...
Steve
--
gentoo-user@lists.gentoo.org mailing list
