Re: [tlug] Script Kiddy Defence Script

[Joe Larabell <larabell@???>]

> Well, I don't see many IPs attacking twice, and the ssh-attacks normally
> only take a short time, maybe several minutes.
>
> So what I wanted to do was to lock out any attacker as soon as possible

Yeah... I figure the duration of the attack from a single IP would only be
the time it takes for them to try the dozens (100s) of dummy accounts.

But it gives me a great idea... If you write a simple C program to grab
the IP of whoever logs in and add it to the SHITLIST chain, you could swap
that executable for the '/bin/false' in /etc/passwd, then add several of
the default accounts with the password set the same as the username (or
not set at all). As soon as the miscreant attempts to login, his IP is
added to the banned list.

The drawback would be that other non-shell paths into the system might
then be made more vulnerable to an attack via those dummy accounts.

--
Joe Larabell -- Synopsys VCS Support      US: larabell@example.com
http://wwwin.synopsys.com/~larabell/   Japan: larabell@?jp