Thanks for the responses on this question.

Surprisingly, I didn't hear from anyone who uses Denyhosts on Solaris to automate the blocking of IPs which are the source of a brute force ssh attack. Some acknowledged that Denyhosts works well in Linux. No one provided a name of an alternate open source tool like fail2ban which they are using on their Solaris system. Several mentioned blocking IPs on the firewall or by entries in hosts.deny, but it wasn't clear how they populate that list - whether manual or otherwise. One site had a locally made perl script to automate their hosts.deny blocks.

Most responses said they manage the problem by controlling the access, using ssh key and passphrases or by running ssh on a non-default port, which dodges the script kiddie efforts.

At our site, setting up dozens of users with ssh keys will be too much effort. We will probably go with high port number ssh or requiring the remote user connect via the VPN.

It's too bad Denyhosts isn't parsing the authlog well these days. It is very effective at automatically blocking IPs on Linux.

On Thu, Apr 5, 2012 at 5:07 PM, francis picabia <fpicabia@gmail.com> wrote:
> Howdy,
>
> Using Denyhosts on Linux has worked well for me. On Solaris I'm not
> getting the results I expect. It seems to be a problem deeper than
> REGEXP.
>
> Looking at the Denyhosts project, it has not been updated in many years
> and the participation in the mailing list is next to nothing. It makes
> me wonder if other admins are quietly using something else
> I don't know of.
>
> What do other Solaris admins use to block brute force ssh attempts?
>
> I've heard of fail2ban and sshblock. There are reports of injected log data
> in the media. Have admins switched to an ip filter method?
>
> I can summarize to the list if there are some good responses.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Thu Apr 12 15:46:12 2012