bugzilla-daemon at mindrot.org
2004-Dec-20 14:38 UTC
[Bug 965] auto disable/block of ip address
http://bugzilla.mindrot.org/show_bug.cgi?id=965
Summary: auto disable/block of ip address
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: jeremiah at goodinassociates.com
I would like to see the ssh daemon stop allowing attempts to connect from an ip
address after a certain number of failures. My logs tend to fill up after a
night of script kiddy hell.
1) There should be a way to turn this off/on
2) A way to get the list and re-enable/remove an ip address.
3) An attempt count setting so that after X failures autoblocking happens
I've grown very accustomed to something similar on AS400's. It's very
handy to have.
thanx,
-jj-
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Dec-20 22:31 UTC
[Bug 965] auto disable/block of ip address
http://bugzilla.mindrot.org/show_bug.cgi?id=965
djm at mindrot.org changed:
What        |Removed     |Added
----------------------------------------------------------------------------
Status      |NEW         |RESOLVED
Resolution  |            |WONTFIX
------- Additional Comments From djm at mindrot.org 2004-12-21 09:31 -------
We won't implement reflexive blocking, it can be easily implemented by scanning
logs (i.e. not in ssh) and there are too many ways it can be turned into a
denial-of-service.
If you really want to do this, there are scripts that will parse logfiles and
add addresses found to a firewall rule.
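The log-scanning approach suggested in the comment above, sketched as an added example (not code from this thread or from OpenSSH): it counts failed-password lines per source address and returns the addresses at or over a threshold, skipping an allowlist so that trusted networks are never locked out. The function name, the sample log lines and the allowlisted network are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Greedy ".*" plus the end-of-line anchor: the captured address is the one
# sshd appended after the user name, whatever the user name contains.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?.*"
    r" from (\S+) port \d+(?: ssh\d*)?\s*$"
)

def addresses_to_block(lines, threshold=5, allowlist=()):
    """Return addresses with >= threshold failures, never an allowlisted one."""
    trusted = [ipaddress.ip_network(net) for net in allowlist]
    failures = Counter()
    for line in lines:
        match = FAILED.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a literal IP address, skip rather than guess
        if any(addr.version == n.version and addr in n for n in trusted):
            continue  # trusted source: failures here must not cause a block
        failures[str(addr)] += 1
    return sorted(a for a, count in failures.items() if count >= threshold)

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
Dec 20 03:11:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 20 03:11:04 host sshd[4103]: Failed password for illegal user admin from 203.0.113.7 port 40115 ssh2
Dec 20 03:11:07 host sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Dec 20 03:12:30 host sshd[4110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Dec 20 08:00:02 host sshd[4200]: Failed password for alice from 192.0.2.10 port 52001 ssh2
Dec 20 08:00:09 host sshd[4201]: Failed password for alice from 192.0.2.10 port 52002 ssh2
Dec 20 08:00:15 host sshd[4202]: Failed password for alice from 192.0.2.10 port 52003 ssh2
Dec 20 08:00:21 host sshd[4203]: Accepted password for alice from 192.0.2.10 port 52004 ssh2
""".splitlines()

if __name__ == "__main__":
    # Print candidates only; feeding them to a firewall is left to the operator.
    for address in addresses_to_block(SAMPLE_LOG, 3, ["192.0.2.0/24"]):
        print(address)
```

Without the allowlist, three mistyped passwords from 192.0.2.10 would put a legitimate user's address on the block list, which is one form of the denial-of-service concern raised in the comment.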
bugzilla-daemon at mindrot.org
2004-Dec-20 22:40 UTC
[Bug 965] auto disable/block of ip address
http://bugzilla.mindrot.org/show_bug.cgi?id=965
------- Additional Comments From dtucker at zip.com.au 2004-12-21 09:40 -------
I'll also add that if you really want this and your sshd is built with PAM then
you could implement this policy in a PAM module (e.g. hack pam_tally to take
notice of PAM_RHOST).
bugzilla-daemon at mindrot.org
2005-Jan-11 07:30 UTC
[Bug 965] auto disable/block of ip address
http://bugzilla.mindrot.org/show_bug.cgi?id=965
------- Additional Comments From dtucker at zip.com.au 2005-01-11 18:30 -------
Incidentally, if folks running PAM really want to do this, there's now a pam_abl
module that does it: http://www.hexten.net/sw/pam_abl/