SSH Attacks Flying Under the Radar?
If you're running SSH servers, do you know how often an intruder tries to brute force guess your logon passwords? Here's a tool that will automatically block those intruders, as well as other intruders who haven't hit your site yet.
July 16, 2008
If you're running SSH servers, do you know how often an intruder tries to brute force guess your logon passwords? To know that, you've got to check your logs one way or another--hopefully you're diligent about that. But what about those times when you don't check your logs?
One way to avoid that type of concern is to automatically block intruders that try to brute force guess your SSH logon passwords. You can do that by using a tool called DenyHosts.
But DenyHosts goes even further if you want it to. The tool can synchronize lists of blocked originating IP addresses with other users of DenyHosts. That means you can block potential intruders before they ever reach your site.
The tool is a Python script that runs on Linux systems. There's also a new tool, report-hack-isp, that is a DenyHosts plugin that you might want to have a look at too.
The plugin will do a lookup of the attacker’s originating IP address, gather contact info for the owner or operator of that IP, and automatically send an abuse report. All of that saves you some time in having to do it yourself, and it also helps network operators get hacked systems since a lot of times such attacks are launched from hacked systems.
About the Author
You May Also Like