[H-GEN] Re: Blocking SSH exploits

Tim Browne dugb at netspace.net.au
Mon Aug 23 10:02:16 EDT 2004


>>
>>By the way, we are thinking that it would be nice to be able to block 
>>IPs that make any such attempts automatically, probably for about 10 
>>minutes. Does anyone know how to do this, and would it be worthwhile trying?
>>
>>Regards,
>>Sarah Walters
> 

The MaxStartups option in sshd_config looks interesting. Adjusting the values 
should let you deny all incoming attempts after a specified number of failed 
attempts. I am not sure how long this block stays in place for, I guess for the 
value "LoginGraceTime".

The only problem of course is that if you are experiencing an ongoing attack 
then you are also blocked from accessing the box until the attack stops.

Tim Browne.





More information about the General mailing list