Re: [Full-disclosure] SSH brute force blocking tool

Anders B Jansson wrote:
> Just one possibly silly question.
>
> Why are you working so hard to do this with complex scripts and stuff?
>
> I just wrote a little C snippet that runs on the firewall.
> All servers allowing external ssh send a copy of ssh auth to a port
> on the firewall.
>
> If it detects a brute force it adds the host to the block list and
> everything from that host is silently dropped.
>
> Added a whitelist function to avoid DOS attempts.
>
> Works perfect, and adds community service by letting the trawlers
> hang until they timeout.
>   
The purpose of this wasn't to reinvent the wheel. It was to allow those 
using the tool to report the addresses of anyone brute forcing ssh. 
These addresses are going to be posted for others to see. Something like 
an RBL for brute forcers.


--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/