attack

bruce bedouglas at earthlink.net
Mon May 9 16:08:30 UTC 2005


just a question regarding ssh...

hey... i know this is a bit off thread/topic, but i'm curious...

it appears that most of the attacks are automated scripts..

so, given that ssh is open, what would be the downside of building in a kind
of basic challenge response/question system... much like what you have with
yahoo groups/other sites...

since you can't distort some word, given the terminal nature of ssh, would
it be possible to insert/force the user to answer some random question,
prior to being able to attempt to log into the system??

it's been a long time since i looked at the ssh protocols/handshake
mechanisms..

thoughts/comments/etc..

-bruce




-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com]On Behalf Of David Cary Hart
Sent: Monday, May 09, 2005 8:04 AM
To: For users of Fedora Core releases
Subject: Re: attack


On Mon, 2005-05-09 at 16:37 +0200, roland brouwers wrote:
> Hello everybody,
>
> Someone is attacking for a certain time on port SSH2
> He is trying to login as root and uses all kind of usernames.
> See annexed textfile
>
> How can I block a user after x failed logins?
> Can I do something else?

I use the swatch daemon to move them to the firewall after one attempt.
I believe that there is a swatch rpm in extras.
--
Multi-RBL Check:         http://www.TQMcube.com/rblcheck.htm
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds:  http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo:           http://www.TQMcube.com/rbldnsd.htm
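
An added example, not part of either message and not swatch's own configuration: one way to answer "block after x failed logins" is to count rejected sshd passwords per source address and list the addresses over the limit. The log lines, addresses, user names and the function names are constructed for illustration, and the firewall rules are only rendered as text.

```python
import re
from collections import Counter

# sshd auth-log line for a rejected password; older OpenSSH releases wrote
# "illegal user" where newer ones write "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample lines (documentation addresses), not from the thread.
SAMPLE_LOG = """\
May  9 16:01:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
May  9 16:01:05 host sshd[2103]: Failed password for illegal user admin from 192.0.2.10 port 40007 ssh2
May  9 16:01:09 host sshd[2105]: Failed password for illegal user test from 192.0.2.10 port 40011 ssh2
May  9 16:02:30 host sshd[2110]: Failed password for alice from 198.51.100.7 port 51515 ssh2
May  9 16:02:41 host sshd[2110]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
May  9 16:03:00 host sshd[2120]: Failed password for root from 203.0.113.5 port 33000 ssh2
""".splitlines()


def failed_by_source(lines):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def sources_to_block(lines, max_failures, allowlist=()):
    """Addresses with more than max_failures failures, minus the allowlist."""
    counts = failed_by_source(lines)
    return sorted(ip for ip, n in counts.items()
                  if n > max_failures and ip not in allowlist)


def firewall_rules(ips):
    """Render iptables drop rules as text for review; nothing is executed."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    for rule in firewall_rules(sources_to_block(SAMPLE_LOG, max_failures=2)):
        print(rule)
```

With `max_failures=0` every source with a single failure is listed, so a legitimate user who mistypes a password once is blocked unless their address is in the allowlist.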
