Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: sshd: entries in hosts.deny

from [Rob Munsch] Network Security [Permanent Link]
Subject: Re: sshd: entries in hosts.deny
Date: Wed, 25 Oct 2006 17:06:18 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Benjamin Koren wrote:

Just to throw out a no-brainer, do you have "sshd server configured with
tcp_wrappers support enabled" (from
http://denyhosts.sourceforge.net/requirements.html)?


Turns out some servers here - like the one i tested - were.  But we have
some using the debian package

Package: openssh-server
New: yes
State: installed
Automatically installed: yes
Version: 1:4.3p2-5

and they don't!  The test fails on these and only these.  So this
version didn't have 'wrappers compiled in.  Aaargh...

thanks! teach me to not test every host.  Looks like i'm rolling my own.


Rob Munsch wrote:

Hey all,

I'm running
OpenSSH_4.3p2 Debian-2, OpenSSL 0.9.8b 04 May 2006

and using DenyHosts
( http://denyhosts.sourceforge.net )

to stop dictionary attackers, worms, and other pests.  However, i see
denyhosts adding entries to hosts.deny at say 16:45, and the connection
attempts from that same IP continue for a good 5-10 minutes - on the
same host, random login attempts are still being logged uninterrupted to
16:50 or :55.

Does sshd not honor hosts.deny entries?  Is it my version of ssh?  I've
tried both ALL: and sshd: entries in hosts.deny, with no apparent
change.  Any suggestions appreciated.

Thanks!






- --
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFP9HKBvBcJFK6xYURAjU6AJ0XVmkneYG/ZXABTsMjOonvjLNIzgCfazFM
DqS7ZkEDSSwwocEgJj3esR4=
=1/xX
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: sshd: entries in hosts.deny, Benjamin Koren
Next by Date:  Re: Odd timestampts in /var/log/messages from sshd, Robin Green
Previous by Thread:  Re: sshd: entries in hosts.deny, Benjamin Koren
Next by Thread:  Re: sshd: entries in hosts.deny, Rob Munsch
Indexes:  [Date] [Thread] [Top] [All Lists]