 From:  "Chris Buechler" <cbuechler at gmail dot com>
 To:  "MonoWall-General List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] m0n0wall and swatch to protect ssh!
 Date:  Mon, 20 Mar 2006 17:22:02 -0500
On 3/20/06, Ron Rosson <ron dot rosson at gmail dot com> wrote:
> Denyhosts.sf.net seems to be doing the job and it has the capability of
> running in a distributed mode.
>

Yeah, there are several similar to that, though that's the first I've
seen with a centralized database.  That runs on the SSH server as
well.

The reason this is impossible to do entirely on the firewall itself is
because from the firewall's perspective, SSH is SSH.  It doesn't know
a failed login from a successful login.  Best you could do would be to
somehow integrate some agent on your servers to communicate with
m0n0wall and update its ruleset appropriately.  No such thing exists,
and personally, I'd rather that be handled entirely by the server
anyway (letting any server automatically update the ruleset on the
firewall protecting it is a bad idea).

-Chris
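Server-side detection of the kind Chris prefers, as an added example that is not from this thread or from DenyHosts: it scans constructed OpenSSH log lines, counts consecutive failed logins per source address, and resets the count on a successful login, which is exactly the failed-versus-successful distinction a packet filter never sees. The log lines, hostnames and addresses are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not real data); the format follows
# OpenSSH's auth.log output. Only the server's log distinguishes failures
# from successes; to the firewall every one of these is just port 22 traffic.
SAMPLE_LOG = """\
Mar 20 17:01:02 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Mar 20 17:01:05 host sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar 20 17:01:09 host sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 20 17:02:00 host sshd[1004]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar 20 17:02:30 host sshd[1005]: Accepted publickey for alice from 198.51.100.7 port 50002 ssh2
Mar 20 17:03:00 host sshd[1006]: Failed password for root from 203.0.113.5 port 40004 ssh2
"""

# "Failed password for [invalid user] NAME from IP port N" and
# "Accepted password|publickey for NAME from IP port N"
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port")


def offending_hosts(log_text, threshold=3):
    """Return the set of source IPs that reached `threshold` consecutive
    failed logins. A successful login from an IP resets its counter, so a
    user who mistypes once and then gets in is not blocked."""
    failures = defaultdict(int)
    offenders = set()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            ip = m.group(1)
            failures[ip] += 1
            if failures[ip] >= threshold:
                offenders.add(ip)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            failures[m.group(1)] = 0
    return offenders


def deny_rules(hosts):
    """Render offenders as TCP wrappers hosts.deny lines for sshd."""
    return ["sshd: %s" % ip for ip in sorted(hosts)]


if __name__ == "__main__":
    print("\n".join(deny_rules(offending_hosts(SAMPLE_LOG))))
```

Because the decision is made on the server, only the server's own access list changes; nothing here pushes rules to the firewall, matching the preference stated above.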