VectorLinux

Please login or register.

Login with username, password and session length
Advanced search  

News:

Visit our home page for VL info. For support and documentation, visit the Vector Linux Knowledge Center or search the Knowledge Center and this Forum using the search box above.

Author Topic: Attack-mitigating ftp, ssh, telnet servers  (Read 2063 times)

Tigerwolf

  • Vectorite
  • ***
  • Posts: 152
Attack-mitigating ftp, ssh, telnet servers
« on: October 20, 2007, 11:19:47 am »

Does anyone know if there's any existing or developing ftp, telnet, or ssh
servers which internally will firewall (or impose long delays) on
multiple-login-failure IPs?

I'm looking for a more elegant solution than cron scripts scanning logs
since that's too much after the fact.

With the massive increases dictionary attacks, and zombied windows boxes
pounding on the doors, surely someone's got (or working on) a solution
that's part of the server itself that will either generate it's own
blocklist or feed into hosts.deny.
Logged
=^_^=  Tigerwolf

Running: Vector Linux 5.8 Standard   12-16-2006

bigpaws

  • Vectorian
  • ****
  • Posts: 1872
Re: Attack-mitigating ftp, ssh, telnet servers
« Reply #1 on: October 20, 2007, 12:49:31 pm »

There are none that I am aware of.

To fend off these attacks iptables is the solution.

One is to permanently block the offending IP after x amount
of failed attempts.

Another would be to have a delay after x amount of attempts for
example 3 unsuccessfully attempts will deny another login attempt
for say 5 minutes.

HTH

Bigpaws
Logged