From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LQRwr-0005m8-RB for garchives@archives.gentoo.org; Fri, 23 Jan 2009 19:44:14 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id AB3ABE05B9; Fri, 23 Jan 2009 19:44:12 +0000 (UTC) Received: from mail-ew0-f21.google.com (mail-ew0-f21.google.com [209.85.219.21]) by pigeon.gentoo.org (Postfix) with ESMTP id 3D0F6E05B9 for ; Fri, 23 Jan 2009 19:44:12 +0000 (UTC) Received: by ewy14 with SMTP id 14so4615376ewy.10 for ; Fri, 23 Jan 2009 11:44:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:reply-to:to:subject:date :user-agent:references:in-reply-to:mime-version:content-type :content-transfer-encoding:message-id; bh=8zgvUqdSGfz9eHqV3EsKRdXWjSt4nhMYKgSn/C2zzUE=; b=GyeRaKz7zASnpkEm7Cq/X6WKYhH+6DggihZeuYUol6rgYwkika1sTmc2c9fGBaNIX4 v9YbJ2AjSKSZMeLNN56OFs251IV/0Yb5QbpjZ3xprjwzovj02WKSnWxVu9/dlqCwReH1 Z7NfTIRxbW9jtQFOkzjAI5SF1c+M8/UMPgt3U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; b=tXTG7P5mcXOQMgginXuaNxSi0Oqh9HssZV8l/2xUPvp7wwM3Pkvxj0nzq8/255sigv MUornPHqomt+wJ6bSlLMJd7ziZje+EMx6OGZG/qW7HtPNA2ilzMNXPu377GognSdJWfk hQp1JHCqEwt5L1RfedbkoBfB9LYtNBZETm+Cg= Received: by 10.210.136.10 with SMTP id j10mr4082959ebd.188.1232739851452; Fri, 23 Jan 2009 11:44:11 -0800 (PST) Received: from lappy.study (the3mountains.plus.com [212.159.46.48]) by mx.google.com with ESMTPS id x6sm3284215gvf.24.2009.01.23.11.44.09 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 23 Jan 2009 11:44:10 -0800 (PST) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: Why isn't sshd blocking repeated failed login attempts? Date: Fri, 23 Jan 2009 18:26:58 +0000 User-Agent: KMail/1.9.9 References: <58965d8a0901201333j458b57e8hde9fe4c857e00e2c@mail.gmail.com> <061701c97caf$c5e21960$6400a8c0@quan> <58965d8a0901220846j13c888b1lca08df02a87fd6d4@mail.gmail.com> In-Reply-To: <58965d8a0901220846j13c888b1lca08df02a87fd6d4@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1762633.NeE1TB93Lj"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200901231827.10300.michaelkintzios@gmail.com> X-Archives-Salt: ea1ab899-39da-493e-b22b-9370bd0c6120 X-Archives-Hash: d6ca803e4e5731a870eabb695bfb9da0 --nextPart1762633.NeE1TB93Lj Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 22 January 2009, Paul Hartman wrote: > I don't use PAM in sshd so I don't think that's my problem, but the > whole regexp thing is a possiblity in general as someone else > suggested. I will check into it tonight after work. Have you thought of using iptables to match the rate of new connections? D= rop=20 everything that comes in thick and fast and, or drop repeated attempts from= a=20 certain ip address. =2D-=20 Regards, Mick --nextPart1762633.NeE1TB93Lj Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEABECAAYFAkl6C/4ACgkQ5Fp0QerLYPeVZwCeM5vUSovHyiEj+QrQ9ioesOBt uPgAoLO7wYhgYUs6KhpWCaKxXBjmUIRy =x/7v -----END PGP SIGNATURE----- --nextPart1762633.NeE1TB93Lj--