[Tfug] Stopping repeated login attempts

John Gruenenfelder johng at as.arizona.edu
Thu Jan 28 01:14:19 MST 2010


On Mon, Jan 25, 2010 at 10:57:13PM -0700, Louis Taber wrote:
>
>Denyhosts looks interesting:  http://stats.denyhosts.net/stats.html
>
>What works best for the effort needed to set it up?
>What is going to require the least long term maintenance?
>
>Thanks.  - Louis

I second the use of DenyHosts.  I'm using it on all of my machines with
Net-exposed SSH access.  It is very fast and easy to set up and it works wonders
against brute force attacks and will stop them in very short order.

It also recognizes the difference between a remote attacker trying random
users and somebody repeatedly going after an existing account.  You can make
it more or less lenient towards different types of "attacks" so that you don't
accidentally lock somebody out who is a lousy typist.  DenyHosts can also
reset the counters upon successful login, if you wish, which significantly
lowers the chances of accidental lockout.

Lastly, I find it much more robust than an inetd- or sshd-based solution and
much easier to handle than a firewall-only based one.


-- 
--John Gruenenfelder    Systems Manager, MKS Imaging Technology, LLC.
Try Weasel Reader for PalmOS  --  http://weaselreader.org
"This is the most fun I've had without being drenched in the blood
of my enemies!"
        --Sam of Sam & Max
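
The counting behaviour described in the message above, sketched as an added example; it is not part of the original post and is not DenyHosts' own code. The function name, the threshold values and the log lines are constructed for illustration, and a host is blocked once its failures exceed the relevant threshold.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
Jan 28 01:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Jan 28 01:00:02 host sshd[102]: Failed password for invalid user test from 203.0.113.5 port 4002 ssh2
Jan 28 01:00:03 host sshd[103]: Failed password for invalid user oracle from 203.0.113.5 port 4003 ssh2
Jan 28 01:05:01 host sshd[104]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Jan 28 01:05:09 host sshd[105]: Failed password for alice from 198.51.100.7 port 5002 ssh2
Jan 28 01:05:17 host sshd[106]: Failed password for alice from 198.51.100.7 port 5003 ssh2
Jan 28 01:05:30 host sshd[107]: Accepted password for alice from 198.51.100.7 port 5004 ssh2
Jan 28 09:00:01 host sshd[108]: Failed password for alice from 198.51.100.7 port 5005 ssh2
Jan 28 09:00:08 host sshd[109]: Failed password for alice from 198.51.100.7 port 5006 ssh2
""".splitlines()

# Anchored at end of line so text inside a crafted username cannot
# stand in for the real source address.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (invalid user )?(\S+) "
    r"from (\S+) port \d+ ssh2$"
)

def blocked_hosts(lines, invalid_threshold=2, valid_threshold=4,
                  reset_on_success=True):
    """Return {ip: reason} for hosts whose failures exceed a threshold."""
    fails = defaultdict(lambda: {"invalid": 0, "valid": 0})
    blocked = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        outcome, invalid, _user, ip = m.groups()
        if ip in blocked:
            continue  # already denied; later attempts would not reach sshd
        if outcome == "Accepted":
            if reset_on_success:
                fails.pop(ip, None)  # forgive earlier typos from this host
            continue
        # Guessing nonexistent users is judged more strictly than
        # repeated failures against an account that exists.
        kind = "invalid" if invalid else "valid"
        fails[ip][kind] += 1
        limit = invalid_threshold if invalid else valid_threshold
        if fails[ip][kind] > limit:
            blocked[ip] = kind
    return blocked
```

With the reset enabled only the host guessing nonexistent users is blocked; with `reset_on_success=False` the five scattered failures from alice's host add up and it is blocked as well.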



