hosts.deny script

Steven J Lamb redhattedsheep at adiis.net
Fri Jan 27 03:43:28 UTC 2006


If they can break a password in less than 5 min, which is my window of 
checks, then they are going to defeat any method I can conceive. The idea is 
that my password is secure enough to stand up to 5 min worth of guesses. A 
port knocking lock is not entirely invulnerable. One could just try hitting 
pairs of ports until they get a response from an ssh session. I agree it is 
an extra level of security and may well be useful in conjunction with a 
brute force attack blocker like my script is.
----- Original Message ----- 
From: "John Summerfied" <debian at herakles.homelinux.org>
To: "For users of Fedora Core releases" <fedora-list at redhat.com>
Sent: Thursday, January 26, 2006 5:49 PM
Subject: Re: hosts.deny script


> Steven J Lamb wrote:
>> I am trying to create a script to block people using hosts.deny. I 
>> realize that I should just block everyone and then open access for those 
>> whom I know I trust, but because of the nature of our network this is not 
>> possible. Basically I check log files for login attempts every five 
>> minutes and block those that attempt to log in more than 3 times that 
>> day.
>
> This is too late. An automated attack may well be completed in this window 
> of time.
>
> Instead, use another port as a door-knock: when someone tries to connect 
> to <some port>, then allow connexions to ssh for a short time.
>
> For an automated connexion from a remote site, something like this:
> echo | nc example.com <some port>
> ssh example.com
>
> The nc command is contained in the netcat package.
>
> I think I've seen how to implement this door knock entirely in iptables 
> recently, but didn't note the details.
>
> Cheers
> John
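As an added illustration of the counting step Steven describes (this is not his script, which was never posted to the list): the block below parses constructed sshd lines in the format Fedora writes to /var/log/secure, counts failed password attempts per source address, and emits hosts.deny entries for any source with more than three failures, skipping entries already present and a trusted list. The log sample, the threshold and the trusted set are assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample of sshd log lines (not a real capture).
SAMPLE_LOG = """\
Jan 26 17:40:01 gw sshd[2101]: Failed password for root from 192.0.2.10 port 51001 ssh2
Jan 26 17:40:03 gw sshd[2101]: Failed password for root from 192.0.2.10 port 51002 ssh2
Jan 26 17:40:05 gw sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 51003 ssh2
Jan 26 17:40:07 gw sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 51004 ssh2
Jan 26 17:41:00 gw sshd[2110]: Failed password for steven from 198.51.100.7 port 40022 ssh2
Jan 26 17:41:09 gw sshd[2110]: Accepted password for steven from 198.51.100.7 port 40022 ssh2
Jan 26 17:42:30 gw sshd[2115]: Failed password for invalid user oracle from 203.0.113.5 port 3333 ssh2
Jan 26 17:42:31 gw sshd[2115]: Failed password for invalid user oracle from 203.0.113.5 port 3334 ssh2
Jan 26 17:42:32 gw sshd[2115]: Failed password for invalid user oracle from 203.0.113.5 port 3335 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." and captures the source.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def count_failures(log_text):
    """Return {source_ip: number of failed sshd password attempts}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def hosts_deny_lines(counts, existing_deny, threshold=3, trusted=()):
    """Build new hosts.deny entries for sources with MORE than `threshold`
    failures. Exactly `threshold` failures (a mistyped password or two) is
    not enough. Sources already denied or explicitly trusted are skipped so
    the file does not fill with duplicates and a known address is never
    locked out by mistake."""
    new = []
    for ip, n in sorted(counts.items()):
        entry = "sshd: %s" % ip
        if n > threshold and ip not in trusted and entry not in existing_deny:
            new.append(entry)
    return new

if __name__ == "__main__":
    current = set()  # assumption: in a real run, parsed from /etc/hosts.deny
    for entry in hosts_deny_lines(count_failures(SAMPLE_LOG), current):
        print(entry)
```

On the sample above only 192.0.2.10 (four failures) is denied; 203.0.113.5 stops at exactly three and is left alone, which is the "more than 3" rule from the original post.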