Network Security: Detailed info on Re: OpenSSH -- a way to block recurrent login failures?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Secure-Shell

[Top] [All Lists]

Re: OpenSSH -- a way to block recurrent login failures?

from [Albert Lunde] Network Security

[Permanent Link]

Subject:	Re: OpenSSH -- a way to block recurrent login failures?
Date:	Thu, 23 Sep 2004 08:55:24 -0400

On Wed, Sep 22, 2004 at 01:38:14AM +0200, Javier Sanchez wrote:

Instead of running ssh from xinetd and modify the hosts.deny file using
a script, why not let the script watch excessive failures in auth.log
and pushing and iptables rule ?? I think that this is an easiest way to
solve the issue.


If OpenSSH is built with tcp_wrappers support it's not necessary
to run under inetd/xinetd, the daemon runs normally but checks the
API for access rules.  (A really mutant idea would be to replace
the tcp_wrappers library with something else offering the same
API, or search for the API calls in the OpenSSH code and replace 
them with your own hooks. This could be a way to avoid going
through the filesystem.)

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
OpenSSH -- a way to block recurrent login failures?, Victor Danilchenko Re: OpenSSH -- a way to block recurrent login failures?, Greg Wooledge Re: OpenSSH -- a way to block recurrent login failures?, Milen Minev Re: OpenSSH -- a way to block recurrent login failures?, Alpt Re: OpenSSH -- a way to block recurrent login failures?, Shawn Duffy Re: OpenSSH -- a way to block recurrent login failures?, Javier Sanchez Re: OpenSSH -- a way to block recurrent login failures?, Albert Lunde <= Re: OpenSSH -- a way to block recurrent login failures?, Victor Danilchenko Re: OpenSSH -- a way to block recurrent login failures?, Bartek Krajnik RE: OpenSSH -- a way to block recurrent login failures?, Wilson, Richard E RE: OpenSSH -- a way to block recurrent login failures?, Warner, Randy Re: OpenSSH -- a way to block recurrent login failures?, Casey RE: OpenSSH -- a way to block recurrent login failures?, Baker, Darryl

Previous by Date:	RE: Replacing User Authentication Method (with version), Muhammad Naseer Bhatti
Next by Date:	PubkeyAuthentication for Specific User Only, Richard R
Previous by Thread:	Re: OpenSSH -- a way to block recurrent login failures?, Javier Sanchez
Next by Thread:	Re: OpenSSH -- a way to block recurrent login failures?, Victor Danilchenko
Indexes:	[Date] [Thread] [Top] [All Lists]