infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tony Stevenson (JIRA)" <j...@apache.org>
Subject [jira] Commented: (INFRA-1428) Have sshd tell IPFW to block scanner IPs
Date Tue, 16 Sep 2008 20:31:44 GMT

    [ https://issues.apache.org/jira/browse/INFRA-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12631536#action_12631536
] 

Tony Stevenson commented on INFRA-1428:
---------------------------------------

I think we should look at using this tool ->  http://sourceforge.net/projects/fail2ban

It not only covers SSH/HTTP/HTTPS - It can be expanded very easily to check any other service
that outputs to a log file.  
Potentially it could be used to protect rsync, or any other netwrok service.

The problem with SSHblack is that the code is limited to SSH. The author has also produced
DABblack.  But that is it.  No other's included.  Maybe that could change with some code hacks.
 

Fail2Ban can be extended by adding config updates, and using sensible regex.

Working like a charm on my personal servers.

> Have sshd tell IPFW to block scanner IPs
> ----------------------------------------
>
>                 Key: INFRA-1428
>                 URL: https://issues.apache.org/jira/browse/INFRA-1428
>             Project: Infrastructure
>          Issue Type: Wish
>      Security Level: public(Regular issues) 
>          Components: Infra Wishlist
>            Reporter: Roy T. Fielding
>
> It would be nice if we could detect an attempt to login to the account 'admin'
> and automatically firewall that IP.  It is one of the first accounts attempted
> by those stupid ssh rootkits.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message