On Wed, 29 Sep 2004 21:55:59 +0200 Matthijs <[EMAIL PROTECTED]> wrote:
> On Wed, 29 Sep 2004 21:10:24 +0200, Jacob S <[EMAIL PROTECTED]>
> wrote:
>
> > So, my question is this. Is there a way to tell ssh to refuse
> > connections from an ip address after a certain number of failed
> > login attempts, or is snort the only way to do something like this?
> > So far I've been taking the manual approach, blocking the ip address
> > with my firewall after I see it hitting the logs, but that can give
> > them about an hour to play before I notice it (e-mailed to me by
> > logcheck).
>
> It's not really what you're asking, but:
> In the Dutch computer magazine C't, I read an article a few months ago
> about protecting your computer using a port knocking system. If I
> remember correctly, you can close a port (your SSH port, for example)
> and only open it when a pre-defined pattern of access attempts on a
> pre-defined port (unused for applications) is applied. The SSH port
> can then be set to open in your firewall, perhaps only for the
> IP address that performed the knocking sequence.

Hmm... You're right, it's not what I'm looking for, but it still sounds
like a good concept. I'd be interested in learning more about that, if
not for this use with ssh, I have a couple other applications it could
work with on servers.

> That way, the SSH port is closed and only someone who knows the
> appropriate port knocking sequence can open the port - and then set up
> an SSH session. Your ssh logfile should then no longer show up illegal
> access attempts.
>
> Some applications were named in the article - if you want, I can look
> them up and post the names.

Yes, please. Unfortunately, I can't read Dutch. :-)

Thanks,
Jacob
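
The knocking scheme described in the quoted reply above, sketched as an added example (it is not part of the original messages and is not the code of any tool from the article). The port numbers, the 10-second window, the names `KnockTracker` and `replay`, and the event tuples are all assumptions made for illustration; a real daemon would read blocked-connection events from the firewall and add a per-IP rule for the SSH port instead of filling a set.

```python
# Added illustration of the port-knocking logic described in the thread.
# KNOCK_SEQUENCE, WINDOW_SECONDS and all event tuples are constructed values.

KNOCK_SEQUENCE = (7000, 8000, 9000)   # hypothetical closed ports, hit in order
WINDOW_SECONDS = 10.0                 # whole sequence must finish within this


class KnockTracker:
    """Tracks each source IP's progress through the knock sequence."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = tuple(sequence)
        self.window = window
        self._state = {}      # source IP -> (knocks matched, time of first knock)
        self.allowed = set()  # IPs for which the firewall would open SSH

    def observe(self, src_ip, dst_port, ts):
        """Feed one blocked-connection event; True when src_ip completes the sequence."""
        matched, started = self._state.pop(src_ip, (0, ts))
        if ts - started > self.window:
            matched, started = 0, ts             # too slow: start over
        if dst_port != self.sequence[matched]:
            # A wrong port discards progress, but may itself be a fresh first knock.
            if dst_port != self.sequence[0]:
                return False
            matched, started = 0, ts
        matched += 1
        if matched == len(self.sequence):
            self.allowed.add(src_ip)             # a real daemon adds a firewall rule here
            return True
        self._state[src_ip] = (matched, started)
        return False


def replay(events, tracker=None):
    """Run constructed (ip, port, timestamp) events; return the set of allowed IPs."""
    tracker = tracker or KnockTracker()
    for ip, port, ts in events:
        tracker.observe(ip, port, ts)
    return tracker.allowed


# Constructed events: one correct knocker, one port scanner, one too-slow knocker.
SAMPLE_EVENTS = [
    ("192.0.2.10", 7000, 0.0), ("192.0.2.10", 8000, 1.0), ("192.0.2.10", 9000, 2.0),
    ("198.51.100.7", 7000, 0.5), ("198.51.100.7", 7001, 0.6), ("198.51.100.7", 9000, 0.7),
    ("203.0.113.5", 7000, 0.0), ("203.0.113.5", 8000, 5.0), ("203.0.113.5", 9000, 30.0),
]

if __name__ == "__main__":
    print(sorted(replay(SAMPLE_EVENTS)))
```

Only the source that hits all three ports in order and within the window ends up in the allowed set; the scanner loses its progress on the first wrong port, and the slow knocker's progress expires.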