Menu
▾
▴
Re: [SSHGuard-users] attack signatures different services
|
From: <li...@la...> - 2017-01-03 20:58:27
|
If you are going to add more triggers to sshguard, my feature suggestion is to have multiple tables of IP addresses that can be associated with each trigger. ( My terminology is from the view of ipfw.) My concerned is accidentally triggering a ssh 22 block by misconfiguring some mail service or pen testing, then locking myself out of port 22. Port 22 is sacred! ;-) I wonder how many people run sshguard strictly for 22 then use fail2ban for other services. In my case, I don't bother with fail2ban but rather rate limit the services that can be attacked. Anvil for postfix for example. Original Message From: Kevin Zheng Sent: Tuesday, January 3, 2017 12:12 PM To: ssh...@li...; jungle Boogie Subject: Re: [SSHGuard-users] attack signatures different services On 01/03/2017 13:51, jungle Boogie wrote: > Is there a possibility of including things like FreeSWITCH? Yes, someone just needs to write rules for sshg-parser. If you have an account on Bitbucket, go ahead and create an issue for FreeSWITCH. If not, I can open an issue for you so we don't forget. Writing rules for sshg-parser is currently somewhat painful. > FYI, http://www.sshguard.net/ link for sshd is now wrong, should be > https://www.openssh.com/ Fixed, thanks for the report. Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ sshguard-users mailing list ssh...@li... https://lists.sourceforge.net/lists/listinfo/sshguard-users |
