Autoban Feature

Rob Landley rob at landley.net
Tue Sep 18 04:18:39 WST 2007


On Monday 17 September 2007 12:48:54 pm Patrick wrote:
> Hi,
>
> Since I regularly have brute-force attacks on my SSH server,
> I would appreciate an autoban feature in Dropbear
> which bans an IP after a certain number of failed login attempts.
>
> There could for example be a setting like
> "ban an IP after x failed logins for y minutes (or 0 for infinite)"

You can do most of that at the iptables level.  Count SYN packets to see the
number of connection attempts.  (Admittedly this counts successful login
attempts too, but if you're triggering on 20 login attempts in a minute...)

Rob
-- 
"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.
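
One way to write the iptables-level counting described in the reply, using the `recent` match to track SYN packets per source address. This is an added example, not part of the original thread or of Dropbear; the function name `autoban_rules`, the chain `SSH_AUTOBAN` and the list name `sshbf` are assumptions, and the 20-per-minute default is the figure from the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# nothing is applied until the output is run as root.
# Assumed names: chain SSH_AUTOBAN, recent list "sshbf", port 22.

autoban_rules() {
    port=${1:-22}; hits=${2:-20}; secs=${3:-60}; list=${4:-sshbf}

    # Refuse empty, non-numeric or zero-prefixed values instead of
    # emitting a rule set that fails halfway through loading.
    for n in "$port" "$hits" "$secs"; do
        case $n in
            ''|0*|*[!0-9]*) echo "autoban_rules: bad value '$n'" >&2; return 1 ;;
        esac
    done
    [ "$port" -le 65535 ] || { echo "autoban_rules: bad port" >&2; return 1; }

    # The list name ends up on a command line, so allow only safe characters.
    case $list in
        ''|*[!A-Za-z0-9_]*) echo "autoban_rules: bad list name" >&2; return 1 ;;
    esac

    # xt_recent keeps a bounded number of timestamps per address; on older
    # kernels the bound is the module parameter ip_pkt_list_tot (default 20).
    # Rule order: the check runs before --set, so $hits SYNs per window pass
    # and later ones are dropped. --update refreshes the entry on every
    # dropped SYN, so the block lasts until the source is quiet for $secs.
    # RETURN hands allowed packets back to the existing INPUT rules.
    cat <<EOF
iptables -N SSH_AUTOBAN
iptables -A INPUT -p tcp --syn --dport $port -j SSH_AUTOBAN
iptables -A SSH_AUTOBAN -m recent --name $list --update --seconds $secs --hitcount $hits -j DROP
iptables -A SSH_AUTOBAN -m recent --name $list --set -j RETURN
EOF
}
```

Running `autoban_rules 22 20 60 | sh` as root loads the rules. The jump into `SSH_AUTOBAN` is appended to `INPUT`, so it has to end up ahead of whichever rule accepts SSH traffic.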


