Re: [tlug] Script Kiddy Defence Script

[Michael Reinsch <mr@example.com>]

Hi!

On Thu, 9 Jun 2005 18:39:00 +0900
Shawn <bofh@example.com> wrote:

> On FreeBSD, you get a nightly security report mailed to you, which
> reports failed login attempts. My cronned perl script scans those
> emails and adds the relevant IPs to the firewall, and also to a MySQL
> database with the date.

Well, I don't see many IPs attacking twice, and the ssh-attacks normally
only take a short time, maybe several minutes.

So what I wanted to do was to lock out any attacker as soon as possible
(it normally takes 3-10 login attempts to detect an attack) -- but
without locking out a valid user who just got a password wrong. Or if
he got locked out (after 10 guesses), all he has to do is to just wait
for 2 hours at a maximum (but he has to get the pwd right then the
first time, otherwise he is locked out for another 1-2 hours).

-- 
  Michael Reinsch <mr@example.com>                      http://mr.uue.org/
------------------------------------------------------------------------

Attachment: pgp00002.pgp
Description: PGP signature