Deny Hosts and SSH Login Attempt Behavior

syzygy — Sun, 28 Dec 2008 03:16:52 +0000

A few weeks ago I installed DenyHosts, a small deamon (can also be run as a cron job) that runs on my server to block IP’s that make brute force SSH login attempts.� The script has worked great, blocking over 500 hosts on the first day I used it (including myself a few times…).� One of the features of the script is the ability to send an email each time it blocks a host.� Although getting a few hundred emails at first was very annoying, setting up a few rules in gmail prevented me seeing them in my inbox (they go directly to a folder).� I did, however, start to look at the times when the various hosts get denyed.� They seem to come in large groups, so that there will be 50 or so hosts blocked in a rather short length of time, around 10 minutes or less.� The IP’s of the computers also come from all over the world, but most seem to come from Asia, South America, and Russia.� I think it would be interesting to do a more complete statistical analysis of the data in regards to the time and location of where the login attempts are coming from.� Maybe I’ll write something to do this later.

Coming to a Windows Vista Near You

syzygy — Tue, 15 Jan 2008 13:00:18 +0000

Nothing like Microsoft putting new security flaws in Windows while claiming its improving security. I don’t know why Microsoft would use a random number generator with several known and published flaws, not to mention the issue of its poor performance to other generators available. Perhaps its a standards issue, but a bad idea even if is not the default random number generator.

Syzygy Tech » security

Deny Hosts and SSH Login Attempt Behavior

Coming to a Windows Vista Near You