From: Adam C. <ada...@be...> - 2009-04-20 03:21:58
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffcc" text="#000099">
<tt>1.4rc3<br>
<br>
I ran a simple test from a known ssh client and purposely entered a bad
password. Sshguard caught it and blocked the host. So I guess I need
to look more closely at why this other attacker isn't getting blocked.
<br>
<br>
It looks like he's trying to guess a user name and then makes one
password attempt before trying another account name. I might need to
lower the threshold to 1 but that could be harsh on real users who
mistype a legitimate password.<br>
<br>
</tt><br>
Mij wrote:
<blockquote cite="mid:CFE...@bi..."
type="cite">
<pre wrap="">On Apr 18, 2009, at 0:56 , Adam Cohen wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Running interactively seems to work fine.
In my log, the message for the release that failed shows an
incomplete IP. (see "Releaseing 4...." below)
It looks like the IP address might not have been parsed out
completely?
Also, not sure how to report this, but my version of Redhat
generates a message that sshguard isn't catching. They look like
this:
Apr 17 14:42:41 prod-02 sshd[12923]: Failed password for invalid
user staff from 209.9.188.68 port 54513 ssh2
</pre>
</blockquote>
<pre wrap=""><!---->
This is supported; which version did you install? Have a peek at the
SVN version
<a class="moz-txt-link-freetext" href="http://sshguard.sourceforge.net/svn.html">http://sshguard.sourceforge.net/svn.html</a>
</pre>
<blockquote type="cite">
<pre wrap="">Can additional scanning rules be added by the user (me?) I will
look at the source in svn to see how this is structured.
</pre>
</blockquote>
<pre wrap=""><!---->
You can sure do that if you're vaguely familiar with Yacc parsers.
In general, users can submit here
<a class="moz-txt-link-freetext" href="http://sshguard.sourceforge.net/newattackpatt.php">http://sshguard.sourceforge.net/newattackpatt.php</a>
I periodically check there and integrate.
</pre>
</blockquote>
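Added example, not part of the original messages and not sshguard's own code: a counter that tallies failures by source address rather than by account, so the one-guess-per-user-name pattern described above reaches a threshold of 4 while a single mistyped password does not. The threshold, host name, user names and log lines are constructed assumptions; the line format follows the sshd line quoted in the thread.

```python
import re
from collections import defaultdict

# Both sshd failure forms: "for USER" and "for invalid user USER".
# The user name is text chosen by the remote side, so the pattern is anchored
# to the end of the line and the address is read from the final "from ... port".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)
THRESHOLD = 4  # assumed for illustration, not a value taken from the thread

# Constructed sample log (documentation addresses, hypothetical host and users).
SAMPLE_LOG = """\
Apr 17 14:42:41 prod-02 sshd[12923]: Failed password for invalid user staff from 203.0.113.7 port 54513 ssh2
Apr 17 14:42:44 prod-02 sshd[12925]: Failed password for invalid user admin from 203.0.113.7 port 54520 ssh2
Apr 17 14:42:46 prod-02 sshd[12926]: Failed password for alice from 198.51.100.20 port 40112 ssh2
Apr 17 14:42:47 prod-02 sshd[12927]: Failed password for invalid user test from 203.0.113.7 port 54531 ssh2
Apr 17 14:42:50 prod-02 sshd[12926]: Accepted password for alice from 198.51.100.20 port 40112 ssh2
Apr 17 14:42:51 prod-02 sshd[12929]: Failed password for root from 203.0.113.7 port 54544 ssh2
"""

def parse_failure(line):
    """Return (address, user, is_invalid_user) for a failure line, else None."""
    m = FAILED.search(line)
    if m is None:
        return None
    return m.group(3), m.group(2), m.group(1) is not None

def failures_by_address(lines):
    """Map each source address to the user names it failed against, in order."""
    seen = defaultdict(list)
    for line in lines:
        hit = parse_failure(line)
        if hit is not None:
            seen[hit[0]].append(hit[1])
    return dict(seen)

def addresses_to_block(lines, threshold=THRESHOLD):
    """Addresses whose failures, summed over all user names, reach threshold."""
    tally = failures_by_address(lines)
    return sorted(addr for addr, users in tally.items() if len(users) >= threshold)

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for addr, users in failures_by_address(log).items():
        print(addr, len(users), "failures:", ", ".join(users))
    print("block:", addresses_to_block(log))
```

With the threshold lowered to 1, the address with the single mistyped password is returned as well, which is the trade-off raised in the message.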
</body>
</html>