-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Javier Fernández-Sanguino Peña wrote:
>>The pam_abl module provides a fully configurable way to automatically >>blacklist users and/or hosts with many login failures within specified >>intervals of time to be temporarily blacklisted, so that any subsequent >>authentication attempt fails (without disclosing the attacker beeing >>blacklisted). As the number of password guessing attacks on ssh servers > I don't think it is that useful, for the reasons outlined at > http://lists.debian.org/debian-security/2004/10/msg00133.html, > you can end up DoSing your legitimate users. I agree with you in that simply blacklisting users in general is not a good idea. On the other hand, blacklisting users can be restricted to a specific list of users, or to *not* to be done for a specific list of users, and can in condition intervals and blacklist duration be configured seperately for every user, which can make sense in specialized environments. Last but not least, user blacklisting can be disabled completely in this pam module. > Blacklisting hosts might make sense (on the Internet, not internally), > blacklisting users doesn't. And, in either case, it makes much more sense to > just prevent exposure by preventing access to your SSH server by blocking per > IP address (either with a packet filter or tcp-wrappers), through use of > knockd, or by doing these _and_ moving the server to a non-standar port so it > does not get probed at all. Certainly, you are right. Unfortunaly, there are multiple cenarios in which it is not possible to block access to the ssh server, use portknocking or even move the ssh server to a non-standard port. Apart from that, the pam_abl module can not only be used with ssh, but with any service accessible via network. With the same or with different databases and/or configurations. So there might well be other uses for the module. Greets, Nico -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFDTAweYm+MkvsfJ58RAmpEAJoC9Knd3jEuVFHVoOvNCtTm+FjqZwCgzKTs Yp07hqWUEsWASZSjov4M7WI= =Z54P -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
