You can also run DenyHosts ( http://denyhosts.sourceforge.net/ ) to block connections based on failed logins. -Josh More, RHCE, CISSP, NCLP, GIAC morej@alliancetechnologies.net 515-245-7701

...

...

Ralf Ronneburger <ralf@ronneburger.de> 10/19/09 4:23 AM >>> Hi Wolfgang,

SuSEfirewall2 (config file /etc/sysconfig/SuSEfirewall2) already has an option for this: FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh" This blocks requests for 60 seconds after the third attempt. Greetings, Ralf Wolfgang Kluge schrieb:

Good morning. I hope someone could help me in this:

I receive remote login attempts in 1 second intervals from the same IP address to our port 22. Port 22 is forwarded by the firewall ( Sifoworks ). OS is openSUSE 11.0

Is there a way to increase the time between a failed login attempt and the next possible login re-try ?

Regards Wolfgang Kluge

-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org