From: MZ on 18 Dec 2009 23:34

I've seen this question pop up in this group here and there, but I'm not sure there's ever been an answer that's satisfied me. If someone wants to use, say, telnet or ftpd, is there a good way to thwart brute force attacks? It would be nice if either of those programs had a lockout feature, or something like that. Are there any clever strategies?
From: Stefan Ollermann on 19 Dec 2009 07:00

MZ wrote:
> I've seen this question pop up in this group here and there, but I'm not
> sure there's ever been an answer that's satisfied me. If someone wants
> to use, say, telnet or ftpd, is there a good way to thwart brute force
> attacks? It would be nice if either of those programs had a lockout
> feature, or something like that. Are there any clever strategies?

You could configure inetd to start those services and limit the connections with (in /etc/rc.conf):

inetd_enable="YES"
inetd_flags="-C 30"

There is a good explanation in the man page for what that parameter does.

Kind regards,
Stefan
From: Helmut Schneider on 19 Dec 2009 08:00

MZ wrote:
> I've seen this question pop up in this group here and there, but I'm
> not sure there's ever been an answer that's satisfied me. If someone
> wants to use, say, telnet or ftpd, is there a good way to thwart
> brute force attacks?

Strong passwords?! :)

> It would be nice if either of those programs had a lockout feature, or
> something like that. Are there any clever strategies?

I use pf: http://www.bgnett.no/~peter/pf/en/bruteforce.html

expiretable is not in the ports anymore as pfctl does the job now:

pfctl -t $table -T expire $seconds

Helmut
From: bob prohaska's usenet account on 19 Dec 2009 21:47

MZ <mark(a)nospam.void> wrote:
> to use, say, telnet or ftpd, is there a good way to thwart brute force
> attacks? It would be nice if either of those programs had a lockout

In a related vein, is there a simple way to make sshd report the failures with the offending IP number first, the time stamp second and all else following? That would make it easy to sort and mail the log sections to abuse email addresses.

Thanks for reading,

bob prohaska
From: John Rushford on 20 Dec 2009 12:17

On Dec 19, 7:47 pm, bob prohaska's usenet account <b...(a)www.zefox.net> wrote:
> MZ <m...(a)nospam.void> wrote:
> > to use, say, telnet or ftpd, is there a good way to thwart brute force
> > attacks? It would be nice if either of those programs had a lockout
>
> In a related vein, is there a simple way to make sshd report the failures
> with the offending IP number first, the time stamp second and all
> else following? That would make it easy to sort and mail the log
> sections to abuse email addresses.
>
> Thanks for reading,
>
> bob prohaska

Bob,

I gave up emailing to abuse email addresses; this took up too much of my time. Instead, I modified my syslog.conf to write everything login related to a named pipe. I have a perl daemon running that then reads the named pipe and writes everything to auth.log so that I still have the record. The perl script keeps track of invalid login attempts by IP address and on the 3rd invalid attempt, dynamically blocks that IP with an Ipfilter rule permanently. I write these IPs to a file so that they are automatically blocked when the perl daemon is re-started. I also keep a white list of IPs so that I don't lock myself out :-)

John
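Two things in this thread lend themselves to a worked example: bob's wish to see sshd failures re-ordered as "IP, timestamp, everything else" so they sort by attacker, and John's scheme of counting failed logins per address, blocking on the third, and skipping a whitelist. The script below is an added example and is not code from any poster (John's perl daemon is not shown in the thread). It is plain sh plus awk over syslog-format "Failed password" lines as sshd writes them; the log lines, the host name and the whitelist address are constructed sample data, and the threshold of 3 is John's number. It only prints the addresses that qualify; the actual blocking command is left to the reader's firewall.

```shell
#!/bin/sh
# Added example for this thread, not from any poster.
# 1) failures_by_ip : re-order sshd failure lines to "IP Mon DD HH:MM:SS message"
#                     and sort them so all lines for one address are adjacent.
# 2) block_candidates: count failures per IP over that output and print the
#                     addresses that hit the threshold, minus a whitelist.

# Constructed sample auth.log lines (not real traffic); host name is invented.
SAMPLE_LOG='Dec 19 21:40:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Dec 19 21:40:03 host sshd[1235]: Failed password for root from 203.0.113.5 port 41030 ssh2
Dec 19 21:40:09 host sshd[1236]: Failed password for root from 203.0.113.5 port 41044 ssh2
Dec 19 21:41:12 host sshd[1240]: Accepted publickey for bob from 192.0.2.10 port 50000 ssh2
Dec 19 21:42:00 host sshd[1241]: Failed password for invalid user test from 198.51.100.7 port 3333 ssh2
Dec 19 21:42:30 host sshd[1242]: Failed password for bob from 192.0.2.10 port 50010 ssh2
Dec 19 21:42:31 host sshd[1243]: Failed password for bob from 192.0.2.10 port 50011 ssh2
Dec 19 21:42:32 host sshd[1244]: Failed password for bob from 192.0.2.10 port 50012 ssh2'

# Hypothetical whitelist, one address per line: never reported for blocking,
# which is how John avoids locking himself out.
WHITELIST='192.0.2.10'

# Read a syslog-format log on stdin; for every sshd "Failed password" line
# print "IP Mon DD HH:MM:SS <rest of message>". The stable sort (-s) groups
# lines by IP while keeping each address's lines in log (chronological) order.
failures_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for/ {
            # syslog layout: $1=Mon $2=DD $3=HH:MM:SS $4=host $5=sshd[pid]: $6.. message
            ip = ""
            for (i = 6; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip == "") next
            msg = ""
            for (i = 5; i <= NF; i++) msg = msg (i > 5 ? " " : "") $i
            printf "%s %s %s %s %s\n", ip, $1, $2, $3, msg
        }' | sort -s -k1,1
}

# Read a log on stdin; print each IP whose failure count reached $1 (default 3)
# and that is not on the whitelist, one per line, sorted.
block_candidates() {
    threshold=${1:-3}
    failures_by_ip | awk -v th="$threshold" -v wl="$WHITELIST" '
        BEGIN { n = split(wl, a, "\n"); for (i = 1; i <= n; i++) white[a[i]] = 1 }
        { count[$1]++ }
        END { for (ip in count) if (count[ip] >= th && !(ip in white)) print ip }
    ' | sort
}

# Stand-alone run over the sample data. With a real log, use e.g.
#   failures_by_ip < /var/log/auth.log
printf '%s\n' "$SAMPLE_LOG" | failures_by_ip
printf '%s\n' "$SAMPLE_LOG" | block_candidates 3
```

On the sample data only 203.0.113.5 is printed: 198.51.100.7 has a single failure and 192.0.2.10 reaches three but is whitelisted. The first stage is what bob asked for and is ready to `sort | uniq -c` or to cut out one address's section for an abuse report; the second stage is the decision John's daemon makes, and its output can be fed to whatever blocks on your system, for example `pfctl -t bruteforce -T add <ip>` to populate the pf table Helmut describes. Note that the whitelist is checked by exact address, so list every address you log in from.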