Mailing List Archive



Re: [tlug] Script Kiddy Defence Script




> Well, I don't see many IPs attacking twice, and the ssh-attacks normally
> only take a short time, maybe several minutes.
>
> So what I wanted to do was to lock out any attacker as soon as possible

Yeah... I figure the duration of the attack from a single IP would only be
the time it takes for them to try the dozens (100s) of dummy accounts.

But it gives me a great idea... If you write a simple C program to grab
the IP of whoever logs in and add it to the SHITLIST chain, you could swap
that executable for the '/bin/false' in /etc/passwd, then add several of
the default accounts with the password set the same as the username (or
not set at all). As soon as the miscreant attempts to log in, his IP is
added to the banned list.

The drawback would be that other non-shell paths into the system might
then be made more vulnerable to an attack via those dummy accounts.

--
Joe Larabell -- Synopsys VCS Support      US: larabell@example.com
http://wwwin.synopsys.com/~larabell/   Japan: larabell@?jp
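
A sketch of the decoy login shell described in the message above, as an added example (not code from the original post or its author). It assumes the login arrives through sshd, which sets SSH_CONNECTION, and that the SHITLIST chain already exists; the DROP target, the /sbin paths, and the `client_ip` helper name are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Copy the client address (first field of sshd's SSH_CONNECTION value,
 * "client_ip client_port server_ip server_port") into out.
 * Returns AF_INET or AF_INET6 for a valid literal address, 0 otherwise. */
int client_ip(const char *conn, char *out, size_t outlen)
{
    unsigned char buf[sizeof(struct in6_addr)];
    size_t n;

    if (conn == NULL || outlen == 0)
        return 0;
    n = strcspn(conn, " \t");
    if (n == 0 || n >= outlen)
        return 0;
    memcpy(out, conn, n);
    out[n] = '\0';
    if (inet_pton(AF_INET, out, buf) == 1)
        return AF_INET;
    if (inet_pton(AF_INET6, out, buf) == 1)
        return AF_INET6;
    return 0;
}

int main(void)
{
    char ip[INET6_ADDRSTRLEN];
    int family = client_ip(getenv("SSH_CONNECTION"), ip, sizeof ip);

    if (family == 0)
        return 1;               /* no usable address: behave like /bin/false */
    openlog("decoy-shell", LOG_PID, LOG_AUTHPRIV);
    syslog(LOG_WARNING, "decoy login from %s", ip);

    /* Assumption: this process is allowed to change netfilter rules; an
     * ordinary login shell is not, and then only the syslog record remains.
     * The arguments go straight to execv, so no shell parses the address. */
    char *tool = family == AF_INET ? "/sbin/iptables" : "/sbin/ip6tables";
    char *argv[] = { tool, "-A", "SHITLIST", "-s", ip, "-j", "DROP", NULL };
    execv(tool, argv);
    return 1;                   /* exec failed; exit non-zero like /bin/false */
}
```

The address is checked with inet_pton before it is used, so anything that is not a literal IPv4 or IPv6 address is rejected and the program simply exits as /bin/false would.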

