Author Topic: Attack-mitigating ftp, ssh, telnet servers  (Read 3549 times)


  • Vectorite
  • ***
  • Posts: 152
Attack-mitigating ftp, ssh, telnet servers
« on: October 20, 2007, 11:19:47 am »
Does anyone know if there's any existing or developing ftp, telnet, or ssh
servers which internally will firewall (or impose long delays) on
multiple-login-failure IPs?

I'm looking for a more elegant solution than cron scripts scanning logs
since that's too much after the fact.

With the massive increases dictionary attacks, and zombied windows boxes
pounding on the doors, surely someone's got (or working on) a solution
that's part of the server itself that will either generate it's own
blocklist or feed into hosts.deny.
=^_^=  Tigerwolf

Running: Vector Linux 5.8 Standard   12-16-2006


  • Administrator
  • Vectorian
  • *****
  • Posts: 1906
Re: Attack-mitigating ftp, ssh, telnet servers
« Reply #1 on: October 20, 2007, 12:49:31 pm »
There are none that I am aware of.

To fend off these attacks iptables is the solution.

One is to permanently block the offending IP after x amount
of failed attempts.

Another would be to have a delay after x amount of attempts for
example 3 unsuccessfully attempts will deny another login attempt
for say 5 minutes.