SSH DOS

This topic contains 2 replies, has 0 voices, and was last updated by  oliverjen 10 years, 6 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #41278

    oliverjen
    Member

    Hi

    I had someone try to attack my zeroshell computer yesterday. there were 1000’s of failed ssh login attempts in the logs. I think you need a feature if someone from the same ip address tries to logon more than 3 times and fails there IP address should be blocked for an hour or so.

    #47119

    imported_fulvio
    Participant

    If you are using the beta11 release, in the INPUT chain of the firewall you could use the parameter “Parallel connections per IP” to limit the maximum number of connections on the port 22/TCP from the same client.

    Regards
    Fulvio

    #47120

    ftcsm
    Member

    Mr. Fulvio,

    I posted a Request for a Feature about FWKNOP that can help solve that problem by effectively hiding the SSH until you send some authorization packet (like Port Knocking but single packet with cryptography).

    This way, not only a SCAN would do absolutely nothing (it would not respond to any request), you can protect vulnerable services from remote access even before a patch is available by limiting who can reach the service.

    Thanks again for your work on providing this excellent woftware that is Zeroshell.

    Flavio Machado
    Brazil

    #47121

    oliverjen
    Member

    I am using beta10 at the moment sorry.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.