BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules for Linux and pf firewall rules for BSD that block SSH brute force attacks. It can also detect ProFTPd login failures.
BlockSSHD checks a log file you specify, for example /var/log/secure on a Red Hat, for SSH login failure messages. If it detects a failure message it records the source IP address and starts a counter. If messages continue to be detected from the same source IP address the counter is incremented for each message. When the counter reaches a user-specified threshold then the script will add a firewall rule blocking SSH connections from that source IP address. A user-specified time-out is also defined to trigger a reset of the counter. If the counter is incremented but has not yet reached the blocking threshold and a new login failure message arrives then BlockSSHD checks the time-out. If the last increment of the counter occurred earlier than the current time minus the time-out period then the counter is reset rather than incremented. The time-out defaults to 600 seconds (10 minutes).
The BlockSSHD script can unblock IP address after a period. This is enabled in the blocksshd.conf configuration file using the unblock option and with the period set using the unblock_timeout option.
The BlockSSHD script can also log the IP addresses blocked to a file and re-apply these blocked IP addresses when the script is re-started. This allows you to restore previously blocked IP addresses after a restart or when your firewall rules are flushed.
The BlockSSHD script has some command line options:
*) -d | --daemon | --start - Runs the script as a daemon
*) --stop - Stops the script
*) -h | --help - Prints help text
*) -v | --version - Print the version
Running the BlockSSHD script without any command line options will start it interactively.
You will also find a Red Hat style init script in the init directory in the distribution package.
For installation instructions see the INSTALL file in the distribution package.
You can download BlockSSHD here.
BlockSSHD protects computers from SSH brute force attacks by
dynamically blocking IP addresses by adding iptables rules.
Official site: http://blocksshd.sourceforge.net/
Posted by admin
on October 25 2007 07:32:28
||5375 Reads ·