bruteforce protection howto
NoOp
glgxg at sbcglobal.net
Sat Mar 20 23:36:39 UTC 2010
On 03/20/2010 03:17 PM, Vadkan Jozsef wrote:
> Two pc's:
>
> 1 - router
> 2 - logger
>
> Situation: someone tries to bruteforce into a server, and the logger
> get's a log about it [e.g.: ssh login failed].
>
> What's the best method to ban that ip [what is bruteforcig a server]
> what was logged on the logger?
> I need to ban the ip on the router pc.
>
> How can i send the bad ip to the router, to ban it?
>
> Just run a cronjob, and e.g.: scp the list of ip's from the logger to
> the router, then ban the ip from the list on the router pc?
>
> Or is there any "offical" method for this?
>
> I'm just asking for docs/howtos.. :\ to get started..
>
https://help.ubuntu.com/community/InstallingSecurityTools
http://manpages.ubuntu.com/manpages/karmic/en/man8/denyhosts.8.html
http://denyhosts.sourceforge.net/
https://help.ubuntu.com/community/Fail2ban
might be of use.
More information about the ubuntu-users
mailing list