Koozali.org: home of the SME Server

Security suggestions please? (IDS?)

Offline NickCritten

Security suggestions please? (IDS?)
« on: May 15, 2005, 01:57:54 PM »
Hi everyone,

I recently upgraded to 6.5rc1 and received a few logwatch emails, I was a bit surprised by the fact that there seems to be some little script kiddie prick (or a few of them) out there trying to get into my server over SSH.

It's a fairly ineffective attack as he's only using 'password' and null passwords with what looks like a username list to brute force his way in.

The only account on my system with SSH access has a very strong password so I'm not that worried, but I'd like to do something to limit these little Arseh0les' ability to do this.

I've looked into using SNORT / ACID but I don't think it will do what I want it to do (Unless I'm misunderstanding what I'm reading about it).

Here's what I would like to do:

1) Limit the number of concurrent sessions from any one IP to two.
2) Set up a delay (Say 20 Seconds) between giving an incorrect password and giving the "Access Denied" message.
3) Deny ALL TCP traffic from any IP which gets 5 Access denied's in a row for an hour.

Could anyone point me in the right direction of some reading material, or some search terms I can throw into the Contribs Search engine or Google? I'm not a lazy git, just need some gentle shoving in the right direction!

Many Thanks!
...
Nick

"No good deed goes unpunished." :-x...

Offline raem

Re: Security suggestions please? (IDS?)
« Reply #1 on: May 15, 2005, 02:16:25 PM »
NickCritten

Just setup Public & Private keys, there is a HOWTO by Ian Wells that is quite good.
http://www.wellsi.com/sme
Then turn off passwords in server manager remote access and no-one will be able to ssh into your box except you, very securely too !
...

Offline gizzmo2k1

Security suggestions please? (IDS?)
« Reply #2 on: May 18, 2005, 11:08:52 PM »
And if you want to annoy the script kiddies even more, change your port number for SSH. There is a howto here:

http://no.longer.valid/phpwiki/index.php/Changing%20the%20default%20ssh%20port
............Gizzmo...............
SME 7.2 / P4 2.6Ghz / 320GB SATA / 2GB RAM

Offline NickCritten

Security suggestions please? (IDS?)
« Reply #3 on: May 18, 2005, 11:39:52 PM »
Hi RayMitchell & gizzmo2k1,

Thanks for your suggestions, I've been ill recently so haven't given them a go yet. I'll post back when I have a chance to implement this.

Cheers,
...
Nick

"No good deed goes unpunished." :-x...