Projects

DenyHosts

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks). If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be ... [More] alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system? DenyHosts attempts to address the above... and more. [Less]

denyssh

DenySSH monitors the auth log of a BSD system for failed SSH login attempts and adds repeat attackers to a Packet Filter table, allowing you to define PF rules to block the attacking hosts or redirect them to a honeypot for your amusement.

ssh-moat

Monitors the SSH authorization log, and directs firewall software (ipfw by default) to blacklist IPs which are exhibiting suspicious behavior, and whitelist IPs which make successful logins. You can use it to greatly increase the time necessary for a cracker to mount a successful dictionary attack ... [More] on your server. The utility is configurable, so it can be used to monitor any log (not just SSH) for any good / bad behavior patterns, and take any command-line action as a response. Developed and tested on Mac OS X, but should work just fine on any UNIX with Ruby installed. [Less]