Opened 7 years ago

Last modified 5 years ago

#1168 investigate enhancement

ssh / ftp wrong password max attempts

Reported by: mihaly.reg@…
Owned by:
Priority: normal
Milestone:
Component: fon-network
Version: 2.3.7.0 beta2
Severity: unknown
Cc: Decodecoding@…
Hardware: both

Description

Often the WAN is scanned by hackers to gain root on SSH. A countermeasure would be to add scanners' IPs to a block list after 5 wrong password attempts and to reject any TCP afterwards. The blacklist could be cleared manually via a web GUI page > blocklist edit.

Change History (4)

comment:1 Changed 6 years ago by matthijs

  • Status changed from new to investigate
  • Type changed from request to enhancement

Not sure how to implement this, but it does indeed make sense.

I'm not sure if a permanent blacklist makes sense, perhaps banning an IP for an hour or a day is enough already.

fail2ban implements something like this (but depends on perl, so is unusable for the Fonera).

This is something we might have a look at for the longer term.

comment:2 Changed 6 years ago by mihaly.reg@…

Yes, banning for one day is a good idea, no need to manage ban lists later. Btw, I have logs of hack attempts scanning my Fonera for many hours, probably trying a whole dictionary. If they were banned after 5 attempts, they would probably never return to scan the same IP again.

comment:3 Changed 6 years ago by matthijs

  • Cc Decodecoding@… added
  • Summary changed from ssh wrong password max attempts to ssh / ftp wrong password max attempts

#265 is a duplicate of this ticket, but talks about FTP instead.

comment:4 Changed 5 years ago by giuseppeg88@…

This may be useful:

/usr/sbin/iptables -I input_daemon -p tcp --dport 22 -m state --state NEW -m recent --set
/usr/sbin/iptables -I input_daemon -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
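
Added example, not part of the ticket or of the Fonera firmware: the `recent` rules in comment:4 count new connections to port 22, while the ticket asks for a block after 5 wrong passwords, so this sketch counts failed logins per source address in the log and prints matching DROP rules for the `input_daemon` chain. The dropbear-style log format, the function names and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: dropbear-style syslog lines, hypothetical
# function names, constructed sample data (documentation address ranges).
THRESHOLD=5   # wrong passwords before an address is listed (from the ticket)

# Constructed sample log, not taken from a real device.
sample_log() {
cat <<'EOF'
Jan  1 00:00:01 Fonera authpriv.warn dropbear[801]: Bad password attempt for 'root' from 203.0.113.7:40122
Jan  1 00:00:03 Fonera authpriv.warn dropbear[801]: Bad password attempt for 'root' from 203.0.113.7:40122
Jan  1 00:00:05 Fonera authpriv.warn dropbear[802]: Bad password attempt for 'root' from 203.0.113.7:40130
Jan  1 00:00:07 Fonera authpriv.warn dropbear[802]: Bad password attempt for 'root' from 203.0.113.7:40130
Jan  1 00:00:09 Fonera authpriv.warn dropbear[803]: Bad password attempt for 'root' from 203.0.113.7:40141
Jan  1 00:05:00 Fonera authpriv.warn dropbear[810]: Bad password attempt for 'root' from 198.51.100.9:51000
Jan  1 00:05:04 Fonera authpriv.warn dropbear[810]: Bad password attempt for 'root' from 198.51.100.9:51000
Jan  1 00:09:00 Fonera authpriv.notice dropbear[820]: Password auth succeeded for 'root' from 192.0.2.4:5000
EOF
}

# Read log lines on stdin; print every address with at least $1 failures.
ban_candidates() {
    awk -v max="$1" '
        /Bad password attempt for/ {
            # The daemon appends the peer as the last field; reading it from
            # there keeps earlier text in the line from choosing the address.
            addr = $NF
            sub(/:[0-9]+$/, "", addr)      # strip the source port
            if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[addr]++
        }
        END { for (a in count) if (count[a] >= max) print a }
    ' | sort
}

# Turn addresses on stdin into DROP rules. The rules are printed, not
# executed, so they can be reviewed before being applied.
ban_rules() {
    while read -r addr; do
        echo "/usr/sbin/iptables -I input_daemon -s $addr -p tcp -j DROP"
    done
}

sample_log | ban_candidates "$THRESHOLD" | ban_rules
```
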
