Re: What is this Very Stupid DOS Attack Script?

看板FB_security作者時間21年前 (2005/04/09 03:42), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串12/12 (看更多)
--=-dWoQSALcmsLjKeMDpr+u Content-Type: text/plain Content-Transfer-Encoding: quoted-printable This might not be exactly what you want, but solution to this might be timelox by brian. It has a definable action to take when an IP attempts X logins in N seconds. I've modified his timelox-code for openbsd to suit openssh portable 3.9p1/4.0p1 (linux/freebsd). I will try to keep this up to date with the openssh-portable tree. You can find it at http://www.overflow.no/?p=3Dhacking The next version will have a sshd_config setting for a script to run on this event, to improve portability basicly.=20 This prolly isn't the best solution, but it works pretty good. If blocking out all of the world is a concern just add a cronjob for root to clear the rules one a week or something like that. :) On Fri, 2005-04-08 at 12:07 -0700, Michael Carlson wrote: > I would be very interested in a script/setup like this, so I second the=20 > suggestion of posting it somewhere. >=20 > On a minor off topic question, has anyone gotten the linux-pam/pam_tally = to=20 > work in 5.x? >=20 > Due to security requirements at work I need either that or something simi= lar. >=20 > At 05:28 PM 4/7/2005, Jon Adams wrote: >=20 >=20 > >Marian Hettwer wrote: > > > >>On Mi, 6.04.2005, 17:57, Willem Jan Withagen sagte: > >> > >> > >>>I've build some swatch-rules that after two of these hits, I dump > >>>the host into ifpw-deny space. > >>> > >>> > >>Aye. I thought about writing a script, doing the same like yours, too. > >>Could you post this script somewhere, so that I could add some > >>functionality or just use it ? > >> > >> > >This is similar to what I do... except > > > >I just run a cronjob every so often... daily.. weekly.. what have you..=20 > >that will restart ipfw... probably there is a cleaner solution, but it > >does the job for me.... as far as cleaning out the dozens of IPs that ge= t=20 > >blocked for connecting to ports they shouldnt on my boxes > > > >_______________________________________________ > >freebsd-security@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-security > >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.o= rg" >=20 >=20 > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" >=20 Chris --=20 Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, swallowing magic pills and listening to repetitive electronic music. --=-dWoQSALcmsLjKeMDpr+u Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQBCVt3oWwvIQMvefh0RAu8YAJ9cN6nF1OWZRdoh581l8shTCazuwACfXe/Y pyxZ99/u4QlJoLZqTLqIC70= =4LIG -----END PGP SIGNATURE----- --=-dWoQSALcmsLjKeMDpr+u--
更多 rip. 的文章
文章代碼(AID): #12Ljwv00 (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 12 之 12 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共12篇)
更多 rip. 的文章
文章代碼(AID): #12Ljwv00 (FB_security)