 
 From:  Ron Rosson <ron dot rosson at gmail dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] m0n0wall and swatch to protect ssh!
 Date:  Tue, 21 Mar 2006 07:40:02 -0600
Meant this to goto the list


Just to clarify: Denyhosts would run on the server, not on m0n0wall. Someone
could possibly do a trend analysis of the hosts that are blocked and write a
script that could suggest rules to be added to the firewall for
hosts/networks that just do not get the hint.

-Ron
-- 
Ron Rosson
ron dot rosson at gmail dot com
http://www.oneinsane.net


> From: Chris Buechler <cbuechler at gmail dot com>
> Date: Mon, 20 Mar 2006 17:22:02 -0500
> To: MonoWall-General List <m0n0wall at lists dot m0n0 dot ch>
> Subject: Re: [m0n0wall] m0n0wall and swatch to protect ssh!
> 
> On 3/20/06, Ron Rosson <ron dot rosson at gmail dot com> wrote:
>> Denyhosts.sf.net seems to be doing the Job and it has the capability of
>> running in a distributed mode.
>> 
> 
> Yeah, there are several similar to that, though that's the first I've
> seen with a centralized database.  That runs on the SSH server as
> well.
> 
> The reason this is impossible to do entirely on the firewall itself is
> because from the firewall's perspective, SSH is SSH.  It doesn't know
> a failed login from a successful login.  Best you could do would be to
> somehow integrate some agent on your servers to communicate with
> m0n0wall and update its ruleset appropriately.  No such thing exists,
> and personally, I'd rather that be handled entirely by the server
> anyway (letting any server automatically update the ruleset on the
> firewall protecting it is a bad idea).
> 
> -Chris
> 
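The trend-analysis script Ron sketches above, written out as an added example (this is not code from the thread, from DenyHosts, or from m0n0wall). It reads sshd log lines in the standard OpenSSH "Failed password ..." / "Accepted ..." format, counts failures per source host and per /24, and prints suggested blocks for a human to review; it deliberately does not touch any firewall, in line with Chris's point that the server should not be updating the firewall ruleset on its own. The sample log lines, the thresholds and the /24 aggregation are assumptions constructed for the example; the addresses are RFC 5737 documentation ranges.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (not taken from the thread). Hosts in
# 203.0.113.0/24 hammer the server, 198.51.100.10 is a legitimate user who
# mistyped a password once, 192.0.2.5 is a single stray attempt.
SAMPLE_LOG = """\
Mar 20 17:01:02 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar 20 17:01:05 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Mar 20 17:01:09 srv sshd[1203]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar 20 17:02:11 srv sshd[1210]: Failed password for invalid user test from 203.0.113.44 port 51000 ssh2
Mar 20 17:02:14 srv sshd[1210]: Failed password for invalid user oracle from 203.0.113.44 port 51001 ssh2
Mar 20 17:03:00 srv sshd[1220]: Failed password for root from 203.0.113.91 port 3344 ssh2
Mar 20 17:05:30 srv sshd[1230]: Accepted publickey for ron from 198.51.100.10 port 22222 ssh2
Mar 20 17:06:00 srv sshd[1240]: Failed password for ron from 198.51.100.10 port 22223 ssh2
Mar 20 17:07:00 srv sshd[1250]: Failed password for invalid user guest from 192.0.2.5 port 1000 ssh2
"""

# OpenSSH's standard auth messages; the source address is the only capture group.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port")


def tally(log_text):
    """Count failed and accepted logins per source address.

    This is exactly the information the firewall never sees: from m0n0wall's
    side every connection to port 22 looks the same, only sshd knows which
    ones failed.
    """
    failed, accepted = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed[m.group(1)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted[m.group(1)] += 1
    return failed, accepted


def suggest_blocks(failed, accepted, host_threshold=3, net_threshold=5, v4_prefix=24, v6_prefix=64):
    """Return a sorted list of CIDR strings worth proposing as firewall rules.

    Thresholds are assumptions for the example. A single host is proposed once
    it reaches host_threshold failures; a whole /24 (or /64) is proposed once
    the failures of its hosts add up to net_threshold, which is the
    "networks that do not get the hint" case. Any address with at least one
    accepted login is excluded so a legitimate user's typo never produces a
    block suggestion against them.
    """
    candidates = []
    per_net = Counter()
    for host, n in failed.items():
        if host in accepted:
            continue
        addr = ipaddress.ip_address(host)
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        per_net[ipaddress.ip_network(f"{host}/{prefix}", strict=False)] += n
        if n >= host_threshold:
            candidates.append(ipaddress.ip_network(host))  # /32 or /128
    candidates.extend(net for net, n in per_net.items() if n >= net_threshold)

    # collapse_addresses() drops single hosts already covered by a proposed
    # network; it only accepts one address family at a time.
    collapsed = []
    for version in (4, 6):
        collapsed.extend(ipaddress.collapse_addresses([c for c in candidates if c.version == version]))
    return sorted(str(c) for c in collapsed)


if __name__ == "__main__":
    failed, accepted = tally(SAMPLE_LOG)
    for host, n in failed.most_common():
        print(f"{host:>16}  failed={n}  accepted={accepted[host]}")
    print("Suggested blocks (review before adding to the firewall):")
    for cidr in suggest_blocks(failed, accepted):
        print("  ", cidr)
```

Run it against a real auth log and the output is a short list of CIDRs for a person to look at; feeding that list straight into a firewall rule update would recreate the automatic-update design Chris argues against, so the script stops at the suggestion.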