|
From: James H. <jam...@gm...> - 2015-05-08 18:22:58
|
That makes sense. So long as the whitelist is applied first. I can specify the few machines I might rarely ssh in as root from; all others would most likely be attacks. How would this apply to other log scanning? Would there be other regex that should increase the fractional attack value? For example, are there HTTP paths that are common targets of exploit?

On May 8, 2015 11:03 AM, "Richard Johnson" <rjt...@sa...> wrote:
> On Fri, May 08, 2015 at 12:20:46PM -0500, Kevin Zheng wrote:
> > On 05/08/2015 11:51, Laurence Perkins (OE) wrote:
> > > While we're discussing potential new features, I've noticed that nearly
> > > all attackers hit the same list of default usernames (root, pi, ubuntu,
> > > etc.) It would be useful to be able to specify a list of usernames that
> > > result in an immediate block without waiting for the login to fail.
> > > (Processing the login attempt uses a not-insignificant amount of CPU on
> > > low-end machines like a Raspberry Pi. Blocking the connection
> > > immediately would save quite a bit.)
> >
> > Sounds interesting, especially with the use case you describe (running
> > on a Raspberry Pi). Have you taken a look at OpenSSH settings like
> > AllowUsers or DenyUsers? Do those incur the same CPU penalty?
> >
> > This sounds useful; I'll start poking around soon.
>
> Having the option of scoring certain usernames as high danger attempts,
> or perhaps as danger 1+fractional multipliers, could be a clean way to
> implement such a feature.
>
> Richard
|
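
A sketch of the scoring idea discussed in this thread, added here as an illustration and not code from sshguard or from any poster: the whitelist is consulted before any scoring, and per-username multipliers raise the danger of an attempt. The constant names, multiplier values, threshold and log lines are all assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical values for illustration; not sshguard's own names or defaults.
BASE_DANGER = 1.0
BLOCK_THRESHOLD = 4.0
USER_MULTIPLIER = {"root": 4.0, "pi": 4.0, "ubuntu": 1.5}  # 4.0 blocks on first attempt
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]  # hosts allowed to try root

ATTEMPT = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?|Invalid user )"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sshd log lines using documentation address ranges.
SAMPLE_LOG = """\
May  8 18:00:01 pi sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  8 18:00:03 pi sshd[812]: Invalid user ubuntu from 198.51.100.9 port 51514
May  8 18:00:04 pi sshd[813]: Failed password for root from 192.0.2.10 port 40200 ssh2
May  8 18:00:05 pi sshd[814]: Failed password for alice from 198.51.100.23 port 40300 ssh2
May  8 18:00:06 pi sshd[815]: Failed password for alice from 198.51.100.23 port 40301 ssh2
"""

def scan(log, whitelist=WHITELIST, multipliers=USER_MULTIPLIER):
    """Return (danger score per address, addresses at or over the threshold)."""
    scores = defaultdict(float)
    for line in log.splitlines():
        m = ATTEMPT.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not an address literal; ignored in this sketch
        # Whitelist is checked before any scoring, so a trusted host
        # logging in as root never accumulates danger.
        if any(addr in net for net in whitelist):
            continue
        scores[str(addr)] += BASE_DANGER * multipliers.get(m["user"], 1.0)
    blocked = {ip for ip, s in scores.items() if s >= BLOCK_THRESHOLD}
    return dict(scores), blocked

if __name__ == "__main__":
    scores, blocked = scan(SAMPLE_LOG)
    for ip, s in sorted(scores.items()):
        print(f"{ip:15} danger={s:<4} {'BLOCK' if ip in blocked else 'watch'}")
```

With an empty whitelist the root attempt from 192.0.2.10 is blocked on its first line as well, which is the case the reply above is concerned with.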