http://www.howtoforge.com/preventing-brute-force-attacks-with-blockhosts-on-debian-lenny
BlockHosts is a Python tool that observes login attempts to various services, e.g. SSH, FTP, etc., and if it finds repeated failed login attempts from the same IP address or host, it stops further login attempts from that IP address/host. By default, BlockHosts supports services that use TCP_WRAPPERS, such as SSH (i.e. services that use /etc/hosts.allow or /etc/hosts.deny), but it can also block other services using iproute or iptables.
http://www.aczoom.com/blockhosts
Script to record how many times system services are being probed, using configurable pattern matching to recognize failed accesses (such as for “sshd” or “proftpd” or any service), and when a particular IP address exceeds a certain number of failed attempts, that IP address is blocked by using multiple techniques: using /etc/hosts.allow for services that support TCP_WRAPPERS, or by executing ip route commands to set up null-routing for that source host address, or by executing iptables commands to set up packet filtering to drop packets from a source host address.
Requires Python version 2.3, and runs on Unix-like machines only.
The script is most suitable for home Linux users who need to keep ssh/ftp ports or other services open and need to block the script kiddies. With null-routing or packet filtering, any service can be protected, since those mechanisms block at the IP routing or packet filtering level. In this case, the only requirement is that there should be a way to detect failed accesses in some system log file.
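1. Records how many times services are probed
2. Collates failed accesses
3. Supports sshd, proftpd, and others
4. Blocks a source once the limit on attempts is exceeded
5. Uses hosts.allow (tcp_wrappers), ip route to null-route the source, or iptables to drop
6. Requires Python 2.3 or later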
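The count-and-block flow described above, as an added Python 3 sketch that is not BlockHosts' own code or configuration format. The log patterns, the sample lines, the `allowlist` parameter and the IPv4-only handling are assumptions, and the rules are only returned as strings, never executed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines; line 3 has a user name containing "from <addr> port".
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4101 ssh2
Mar  3 10:00:03 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 4102 ssh2
Mar  3 10:00:05 host sshd[812]: Failed password for invalid user x from 198.51.100.9 port 1 ssh2 from 192.0.2.10 port 4103 ssh2
Mar  3 10:00:09 host sshd[813]: Accepted password for alice from 203.0.113.4 port 5000 ssh2
Mar  3 10:01:00 host proftpd[900]: host (203.0.113.77[203.0.113.77]) - USER bob (Login failed): Incorrect password.
Mar  3 10:01:02 host proftpd[900]: host (203.0.113.77[203.0.113.77]) - USER bob (Login failed): Incorrect password.
"""

# Assumed patterns. The sshd one is anchored at end of line, so the address is
# taken from the trailer sshd writes and not from text inside the user name.
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$"),
    re.compile(r"proftpd\[\d+\]: \S+ \(\S+\[([^\]\s]+)\]\) - USER .* \(Login failed\)"),
]

def count_failures(log_text):
    """Count failed logins per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        for pattern in PATTERNS:
            match = pattern.search(line.rstrip())
            if match:
                try:  # only a literal address may ever reach a rule or command
                    counts[str(ipaddress.IPv4Address(match.group(1)))] += 1
                except ValueError:
                    pass
                break
    return counts

def block_actions(counts, threshold, allowlist=()):
    """Return, without executing anything, one rule per blocking technique."""
    actions = {}
    for addr, failures in sorted(counts.items()):
        if failures > threshold and addr not in allowlist:
            actions[addr] = {
                "hosts.allow": f"ALL: {addr} : deny",
                "ip route": f"ip route add blackhole {addr}/32",
                "iptables": f"iptables -I INPUT -s {addr} -j DROP",
            }
    return actions

if __name__ == "__main__":
    print(block_actions(count_failures(SAMPLE_LOG), threshold=2))
```

The `hosts.allow` line uses the tcp_wrappers extended option syntax, which assumes a build that supports `hosts_options`.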