Denyhosts 2.4b SSH firewall

xemaps

Verified User
Joined
Apr 13, 2006
Messages
430
Location
Europe
New denyhosts release 2.4b correcting few little bugs

FC3 sample :

#wget http://ovh.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.4b.tar.gz
#tar zxvf DenyHosts-2.4b.tar.gz

follow README.txt to install denyhosts

after, just unmark SECURE_LOG=/private/var/log/system.log
with # in denyhosts.cfg little bug & set your mail if you want report

If you upgrade, stop daemon and replace daemon-control & denyhosts.cfg with dist packages, set again.

more info here : http://denyhosts.sourceforge.net/
 
Just what I needed! No APF + ... needed with this one. I had a server who had a kernel panic after SSH was bombed :( This should be the solution then :)
 
ssdhfilter do much of the same.
The reason I found it better, is because it was simpler to install for a newbie
I have tried it for a couple of days and I have got rid of the problem with dictionary attacks of sshd.

words from the developer
With sshdfilter installed, taking each attack on a case by case basis:
347 attempts becomes 0 attempts - first attemped guess was for a non-existant user, so was instantly blocked.
306 attempts becomes 0 attempts - same reason, non-existant user.
115 attempts becomes 1 attempt - first guess was for root and is allowed a default of 3 chances, the second guess was for a non-existant user and so was blocked anyway.
115 attempts becomes 1 attempt - same as previous.
127 attempts becomes 3 attempts - many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
18 attempts becomes 0 attempts - first attempted guess was for a non-existant user, so was blocked instantly.
554 attempts becomes 3 attempts - many initial guesses for root accont, so sshdfilter blocks after the first 3 failed attempts.
107 attempts becomes 1 attempt - first guess was for a valid user (nobody), second guess was for a non-existant user so was blocked.
9 attempts becomes 0 attempts - first guess was for a non-existant user so was blocked instantly.
52 attempts becomes 3 attempts - many initial guesses for root accont, so sshdfilter blocks after the first 3 failed attempts.


http://www.csc.liv.ac.uk/~greg/sshdfilter/
 
Any opinions? (other than what was mentioned)
Denyhosts
or
ssdhfilter
 
denyhosts is constantly updated the other one is not
 
Back
Top