| Name : sshdfilter
| |
| Version : 1.5.6
| Vendor : Mandriva
|
| Release : 1
| Date : 2011-03-16 04:10:09
|
| Group : Monitoring
| Source RPM : sshdfilter-1.5.6-1.src.rpm
|
| Size : 0.08 MB
| |
| Packager : Stéphane Téletchéa < steletch_mandriva_org>
| |
| Summary : SSH brute force attack blocker
|
Description :
sshdfilter blocks the frequent brute force attacks on ssh daemons, it
does this by directly reading the sshd logging output and generating
iptables rules, the process can be quick enough to block an attack
before they get a chance to enter any password at all.
sshdfilter starts sshd itself, having started sshd with the -e and -D
options. This means it can see events as they happen. sshdfilter then
looks for lines of the form:
Did not receive identification string from x.x.x.x
Illegal user x from x.x.x.x
Failed password for illegal user x from x.x.x.x port x ssh2
Failed password for x from x.x.x.x port x ssh2
The former three instantly trigger sshdfilter into creating iptables
rules which block all ssh access from that IP. The latter failure is
given a few chances before it too is blocked. These are in fact example
rules, the exact wording varies between Linux distributions, so
sshdfilter exists as a base program and groups of patterns for each
distribution.
All new rules are inserted into a custom chain, and to prevent the chain
from becoming overloaded with old rules, rules over a week old are
deleted.
|
RPM found in directory: /vol/rzm6/linux-mandriva/official/2011/i586/media/contrib/release |
