ssh_brute_blocker - Browse Files at SourceForge.net

The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size
README_ssh_brute_blocker_notes.txt	2021-05-16	945 Bytes
ssh_brute_blocker.ksh	2021-05-16	1.7 kB
seclists_org_README_POST.txt	2021-05-16	7.7 kB
Totals: 3 Items		10.4 kB

This is a very old script, whilst I have fixed a potential security issue with it, you should
really roll your own from it if you intend to use it. There are lots of other options available these
days if desired too.


In addition I had a cron job which would periodically restore /etc/hosts.deny so that IP addresses
were not permbanned in case an employee or app had guessed passwords incorrectly in quick succession.
I think I settled on 30 minutes or an hour, which was usually enough to break the automated scan
brute-force guessing processes, that most attacking hosts were engaged in. It also prevented hosts.deny
growing to a ludicrous size with all the brute-force scan IPs.


There are many ways to skin this cat, and this was just one quick approach back in the day, and my
approach at the time to protect what we had without decent IPS/IDS and firewalls etc.


Thanks, and good luck out there.


Mike. 16/05/2021

Source: README_ssh_brute_blocker_notes.txt, updated 2021-05-16

ssh_brute_blocker Files