GroundZero Security wrote: > Well i had a few minutes time, so i updated the script a bit. > > I did not use lastb though, as it wouldnt work (read the manpage.....) > Anyhow, maybe someone found it usefull so here is v.0.2 : > > http://www.groundzero-security.com/code/bruteforce-block.sh > > Any suggestions are welcome, insults and flames can be sent to /dev/null > > -sk > > GroundZero Security Research and Software Development > http://www.groundzero-security.com > > Wir widersprechen der Nutzung oder Übermittlung unserer Daten > für Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG). > > pub 1024D/69928CB8 2004-09-27 Stefan Klaas <sk@xxxxxxxxxxxxxxxxxxxxxxx> > sub 2048g/2A3C7800 2004-09-27 > > Key fingerprint = A93E 41F8 7E82 5F2C 3E76 41F1 4BCF 3096 6992 8CB8 > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > mQGiBEFX440RBADGTKOgZR9Y9VA/cfNLWTIN/OmXe9l6UZJ6pY8Hqcv6DFE//Kt9 > UfQMU470i+I7SvIHZN066Kl4ts4r90sLxXrE4r5VQCLTsJM68cliatrM8MbbZZs+ > xf3ldelZrHNvHkXDk4I/n3O56F9M6tZ/S71AIj++raIbFX57fn8Z8NNOnwCgwDr6 > LDVP+5N4DML1/+uvXNtoL30D/A/GUXd6lJ8i7MoZMzwKk1uwDsgWwP+Wm0hMwJMr > fR/di9K55pGdlGFNO5P2L3qOl2BaC8raNkLcXaweW+bao3P66nzpdtmecsjCMWq2 > tQWgu/O7S1FgzlUAKJSOc2Th5PY9Raum8bXnSv4gnHZCKjNskIdrz8WDxCzEoPtZ > eCssA/9ydHRvNIPjOTmzjXoE+UbJrB/U//u3dpAsLkzclKeSgjV2eYUgHGcqYn+H > cFoubD78yFWqZqYtxfiyjBlItsIn9ls0gAZFKDFHd1XfOLFSa0/NHNpHLxCZGFIA > tQ0Gp47VRmTPkWJ7lB505w0XioNs1H/1K1RSp++7+t1SNkBlobQpU3RlZmFuIEts > YWFzIDxza0Bncm91bmR6ZXJvLXNlY3VyaXR5LmNvbT6IVwQTEQIAFwUCQVfjjQUL > BwoDBAMVAwIDFgIBAheAAAoJEEvPMJZpkoy4AnYAmwTot1PMUty1YoCuMVg6cpr7 > HKy1AJ98jyzD365YkIQAEiihXlQJ4zrxBLkCDQRBV+OvEAgAiu75prsTQZdNijtY > eMQhl4tEL8qi8JOFluYGnvPYjDzU0PY9E4mNx/w2BgYcM3lTVzSmaiLEJ1AzeOHn > w+pLDWsorRZuVI9q3+ExW3s2yFX4ppdHAVBMuYsQyVJRkbobCkcwTbUYXr23pKzh > D8WRAJ991k2lNcQHxMgixAN+55XBFLhwLB0Yz7XmhFYLid5dLxdPllLIV3ZHDeY0 > SEqMSpw96+gV0QpX7YH9U2VBr3Wz7Ss6qNZkcgHQw1xmk6Yy24QnT4a9oZD06Yjr > cCocXnyI/YLW1wXo/6Hh44UH3b9mKUX6eh8ybn7QCnZDG7AdxbglLiPTkdcx0YoT > NANZBwADBwf8CrjVKiXSzyhUsdH1es1KQCZ/zH6PvPzdxqYuGuVVMzgaJeeOMS2G > 4rLfw2ILahAS0fjng6zX2c1ndPVJ6oAq3IygWsqJH6Uh23NmKTlyx3KtSgyW7YsB > Rn/4wobuojArTHTl+X3U4JZTUEb9E4osB9bFjdsgXcxNSwXghQMh1x5eS5/fcjLd > tACNq0x2/zh8zTJFHK+oNCLY2+iBjTUn7K03rEhQo6HqbPYwyc3LUCwBuFHFDVWp > bZqa4knO0H5BBmbiI09kaVPOs0qRLXCAf1oy9PxK5ZBJ4WfQAnMAU+TuNrTuW2SU > NMh92TCELdDpl/pMDbbBGeJdMvXZmY99HIhGBBgRAgAGBQJBV+OvAAoJEEvPMJZp > koy4p1QAoIaYw3VxA0/mixUsMO4R13sXIL/pAJ9zodR+A9+bLqCRlVusG8JhItv1 > Ow== > =E0o1 > -----END PGP PUBLIC KEY BLOCK----- > > Diese E-Mail kann vertrauliche Informationen enthalten. Wenn Sie nicht der > richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, > informieren > Sie bitte sofort den Absender und vernichten Sie diese E-Mail. > Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail oder von > Teilen dieser E-Mail ist nicht gestattet. > > This E-mail might contain confidential information. If you are not the right > addressee > or you have recived this Mail in error, please inform the Sender as soon as > possible > and delete this E-Mail immediately. You are not allowed to make any copies or > relay this E-Mail. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > 2 good solutions to this problem are: 1) put sshd to listen on a port that nmap or other port scanner doesn't scan by default (> 60000, as example). 2) Completely disable password authentication and leave only public key authentication enabled. Much more secure, as there is no password, except the one used to unlock the secret key, on the client's machine, which is never sent on the wire. Whit these 2 measures, you avoid a lot, if not eliminate completely, brute force attacks. And using other methods as --hashlimit from iptables and other methods from other firewall solutions, or even a port knocking system, may solve this problem better, then running log analyzers that detects these attempts and blocks the attackers in "real time". My 2 cents, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current Snike Tecnologia em Informática 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/