chris (fool) mccraw wrote circa 10-04-20 02:28 PM:
> It won't let them login even if they guess the right password.

Ahhh, thanks. So, I infer that as long as challenge response is on, it evaluates the login/password simultaneously? I suppose I'll have to RTFM on sshd to see how this all works in detail. It just seems reasonable to me that they would handshake, the client would request a login with password auth, then the server would check for disallowed password auth logins, see that root is in there, then immediately hit back with a "permission for password login denied" or somesuch.

> i use the program 'denyhosts' to kick people off the lawn after 3
> failed login attempts. but it only defends against IP's that knock 3
> times. still a lot better to read logs with 3 attempts in, than 3000.
> and it's pretty versatile so can work for other services (ftp for
> instance) that someone might also try to break into with brute force
> repeated attempts.

Yep! I really like denyhosts; but I've only used it for ssh so far.

> i don't know of anything like that, but if you find something that
> isn't talked about on list, please let us know!

Wilco. Rod's iptables rules look interesting. I really like the teergrube idea with smtp... and just dropping the connection with no response at least increases the attacking script's latency, which appeals to me....

Thanks again.

--
glen e. p. ropella, 971-222-9095, http://tempusdictum.com

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
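
The three-failed-attempts behaviour described in the quoted text about denyhosts, as an added example that is not part of the original message and is not denyhosts' own code: it counts failed sshd password attempts per source IP and lists the addresses that reach the threshold. The log lines are constructed in the usual OpenSSH syslog style, and the function names, user names and addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (documentation-range IPs, hypothetical users).
SAMPLE_LOG = """\
Apr 20 14:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Apr 20 14:01:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Apr 20 14:01:09 host sshd[1207]: Failed password for root from 203.0.113.7 port 40141 ssh2
Apr 20 14:02:11 host sshd[1210]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Apr 20 14:02:30 host sshd[1212]: Accepted publickey for alice from 198.51.100.23 port 51520 ssh2
Apr 20 14:03:00 host sshd[1215]: Failed password for root from 192.0.2.44 port 33001 ssh2
Apr 20 14:03:04 host sshd[1216]: Failed password for root from 192.0.2.44 port 33002 ssh2
"""

# The user name is a single token and the match is anchored to the end of
# the line, so a user name that itself contains "from <ip> port ..." cannot
# make the parser charge the failure to an address the client chose.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def count_failures(log_text):
    """Return a Counter of failed password attempts keyed by source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def hosts_to_deny(log_text, threshold=3, allowlist=()):
    """IPs with at least `threshold` failures, minus allowlisted addresses."""
    counts = count_failures(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)

def hosts_deny_lines(ips):
    """Format addresses as TCP-wrappers entries for the sshd service."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    for entry in hosts_deny_lines(hosts_to_deny(SAMPLE_LOG)):
        print(entry)
```

As the quoted text notes, an address that stays under the threshold (192.0.2.44 here, with two failures) is not listed.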
