Mailinglist Archive: opensuse (1570 mails)

Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: Patrick Shanahan <paka@xxxxxxxxxxxx>
  • Date: Sat, 3 Oct 2009 19:22:06 -0400
  • Message-id: <20091003232206.GF13226@xxxxxxxxxxxxxxx>
* Carlos E. R. <robin.listas@xxxxxxxxxxxxxx> [10-03-09 16:09]:
> On Saturday, 2009-10-03 at 20:19 +0200, Matthias Bach wrote:
>
> > Something like that already exists in denyhosts.
>
> Not as a collaborative, dynamic, effort?

Yes, as a collaborative, dynamic effort.

from http://denyhosts.sourceforge.net

Denyhosts now has over 70,000 users contributing synchronization data and
thousands more using DenyHosts without the optional synchronization
feature.

What is DenyHosts?
DenyHosts is a script intended to be run by Linux system administrators
to help thwart SSH server attacks (also known as dictionary based attacks
and brute force attacks).

If you've ever looked at your ssh log (/var/log/secure on Redhat,
/var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many
hackers attempted to gain access to your server. Hopefully, none of them
were successful (but then again, how would you know?). Wouldn't it be
better to automatically prevent that attacker from continuing to gain
entry into your system?

DenyHosts attempts to address the above... and more.



> The bad guys collaborate somehow to attack us. To defend ourselves we have
> to join forces against them. But it probably needs some organization or
> business to provide the development effort, servers, and authentication.
>
> I.e., a server to list bots and block them. And probably inform the police,
> and a real effort by the authorities to go against them. Even fines
> against the owners of the botted machines, for not taking the appropriate
> precautions. Same as a car owner has some responsibilities, the owner of a
> machine connected to Internet must be responsible for it.


I have been using denyhosts for 3+ years and the last two days it has
been very busy, but that has subsided today as I suspect its database
has captured *most* of the subject addresses.

available:

http://download.opensuse.org/repositories/network:/utilities/openSUSE_Factory
http://download.opensuse.org/repositories/network:/utilities/openSUSE_11.1
http://download.opensuse.org/repositories/network:/utilities/openSUSE_11.0
http://download.opensuse.org/repositories/network:/utilities/openSUSE_10.3
http://download.opensuse.org/repositories/network:/utilities/SLE_11
http://download.opensuse.org/repositories/network:/utilities/SLE_10


--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
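
Added example, not part of the original post and not DenyHosts' own code: a sketch of why shared data matters against a distributed attack, where each source stays under a per-host failure threshold. The log lines, peer reports, thresholds and function names are constructed assumptions; the output uses TCP wrappers hosts.deny syntax.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Oct  3 16:01:12 host sshd[4121]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Oct  3 16:01:15 host sshd[4123]: Failed password for root from 192.0.2.10 port 40130 ssh2
Oct  3 16:01:19 host sshd[4125]: Failed password for invalid user test from 192.0.2.10 port 40141 ssh2
Oct  3 16:02:01 host sshd[4130]: Failed password for root from 198.51.100.7 port 51210 ssh2
Oct  3 16:02:40 host sshd[4133]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2
Oct  3 16:03:05 host sshd[4140]: Failed password for root from 198.51.100.23 port 38811 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def failed_by_ip(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts

def local_offenders(counts, threshold=3):
    """Addresses that reached the local failure threshold (assumed value)."""
    return {ip for ip, n in counts.items() if n >= threshold}

def shared_offenders(peer_reports, min_peers=2):
    """Addresses denied by at least min_peers distinct contributing sites."""
    seen = Counter(ip for report in peer_reports for ip in set(report))
    return {ip for ip, n in seen.items() if n >= min_peers}

def deny_lines(ips, service="sshd"):
    """Render entries in hosts.deny (TCP wrappers) syntax."""
    return [f"{service}: {ip}" for ip in sorted(ips)]

# Constructed peer reports: each inner list is one other site's denied hosts.
PEER_REPORTS = [["198.51.100.7", "198.51.100.23"], ["198.51.100.7"],
                ["198.51.100.23", "198.51.100.7"]]

if __name__ == "__main__":
    blocked = local_offenders(failed_by_ip(SAMPLE_LOG)) | shared_offenders(PEER_REPORTS)
    print("\n".join(deny_lines(blocked)))
```

Locally only 192.0.2.10 crosses the threshold; the two addresses with a single failure each are caught only because other sites reported them.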