Monday, July 10, 2006

Slowing down SSH bots

Agreed. I was going to package a port knocking
daemon called doorman just for this, then I finally figured it wasn't
worth it. In my case, I decided to use the facilities provided by
shorewall (an awesome firewall tool):
ACCEPT          net       $FW           tcp     22      -          - 1/min:2

SSH login attempts from an IP on the public internet are restricted to
once a minute, with a burst of 2 (basically allowing two attempts in
the first 60 seconds). The nice thing is that it doesn't run the risk
of someone DoSing me by using up all the concurrent connections or
whatever. Additionally, the script kiddies get tired of waiting and I
rarely ever get more than two attempts from the same IP. Some are really
persistent and stick it out for 10 minutes or so, but that only gets
them 11 attempts.
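If you want to check those numbers before you commit to a rate and burst, here is a small token-bucket model of the iptables limit match that sits behind a shorewall rate like 1/min:2. This is an added example, not code from the original post or from shorewall; the bot's retry schedule is constructed (one attempt every second for ten minutes), and the function names are mine.

```python
# Token-bucket model of the iptables "limit" match that shorewall emits for
# a RATE LIMIT of "1/min:2" (roughly: -m limit --limit 1/min --limit-burst 2).
# The bucket starts full with `burst` tokens, refills `rate_per_min` tokens
# per minute, and every accepted connection attempt spends one token.
# Added example, not from the original post; the attempt schedule below is
# constructed, not taken from real logs.

from dataclasses import dataclass, field
from fractions import Fraction


@dataclass
class TokenBucket:
    rate_per_min: int
    burst: int
    tokens: Fraction = field(init=False)
    last_t: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        # A fresh rule starts with a full bucket, which is where the
        # "two attempts in the first 60 seconds" comes from.
        self.tokens = Fraction(self.burst)

    def allow(self, t: int) -> bool:
        """Return True if an attempt at second `t` is accepted."""
        # Refill in proportion to elapsed time, never above the burst size.
        # Fraction keeps the arithmetic exact (no float drift at the 1.0 edge).
        refill = Fraction(t - self.last_t) * self.rate_per_min / 60
        self.tokens = min(Fraction(self.burst), self.tokens + refill)
        self.last_t = t
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def attempts_allowed(rate_per_min: int, burst: int, window_s: int,
                     interval_s: int = 1) -> int:
    """Count accepted attempts for a client that retries every `interval_s`
    seconds for `window_s` seconds (window is [0, window_s))."""
    bucket = TokenBucket(rate_per_min, burst)
    return sum(1 for t in range(0, window_s, interval_s) if bucket.allow(t))


def compare_settings(window_s: int = 600) -> dict:
    """Accepted attempts over `window_s` seconds for a few rate/burst pairs,
    so you can see what a given shorewall RATE column actually buys you."""
    settings = {"1/min:2": (1, 2), "1/min:5": (1, 5), "2/min:2": (2, 2)}
    return {name: attempts_allowed(r, b, window_s) for name, (r, b) in settings.items()}


if __name__ == "__main__":
    # A bot hammering once a second for ten minutes gets 11 tries with 1/min:2.
    print("1/min:2, 10 minutes:", attempts_allowed(1, 2, 600))
    for name, n in compare_settings().items():
        print(f"{name:>8}: {n} attempts in 10 minutes")
```

One caveat for anyone copying the rule: in shorewall's rules file a bare rate such as 1/min:2 is a single bucket shared by every source address, so all attackers (and you) draw from the same allowance; newer shorewall releases accept an s: prefix (s:1/min:2) to get a per-source bucket via hashlimit, which is what the description above really wants.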

Re: Automatically Blocking SSH Attacks From Script Kiddies?
