OpenSSH Automatic Firewall Patch · Jun 1, 21:20 by Shannon Wynter

Ok folks. If you’re as tired as I am of these damn ssh worms on the net, then this may be a solution for you.

It’s a fairly simple patch that makes it easier and more efficient to automatically firewall out ssh brute-force attacks.

If you have any issues with it, feel free to let me know and I’ll update the patch.

The idea is that you apply the patch to openssh, compile, and install.

The patch provides another configuration setting for your sshd_config file:

hook /path/to/executable

At the moment the patch doesn’t pick up on invalid passwords, but it does pick up on invalid usernames, and attempts to log in as root when root logins are disabled.

Basically, on one of those events it executes the file specified in the config file, passing two parameters:

Type: One of ROOT_LOGIN_REFUSED or AUTH_INVALID_USER
IPAddress: Well I’ll leave this one up to you.

It’s important to note that your executable should be as quick as possible so that control returns to sshd promptly.

e.g.: grep a file for the IP, add the IP to the file if it doesn’t already exist, then add the IP to iptables (insert a reject rule before any ‘established’ or ‘related’ rules).

Of course you could just as easily use MySQL or the like, but the idea is not to spend 40 minutes processing a request, or you open yourself up to DoS attacks.
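As an added example (not the patch author’s script, which the page does not include), here is a POSIX sh hook that implements the steps just described: it validates the two arguments sshd passes, records the address in a flat file, and inserts a REJECT rule just before the first ESTABLISHED/RELATED rule in the chain. The blocklist path, the chain name, the environment-variable overrides, the dry-run switch and the logger call are all assumptions of this example, not part of the patch.

```shell
#!/bin/sh
# Example hook for the patched sshd's "hook /path/to/executable" directive.
# sshd invokes it as:  /path/to/hook TYPE IPADDRESS
# where TYPE is ROOT_LOGIN_REFUSED or AUTH_INVALID_USER.
# Assumed (not from the page): blocklist path, chain name, env overrides.

BLOCKLIST="${HOOK_BLOCKLIST:-/var/lib/sshd-hook/blocked.txt}"
CHAIN="${HOOK_CHAIN:-INPUT}"
IPTABLES="${HOOK_IPTABLES:-iptables}"   # set to "echo iptables" for a dry run

# Only the two event types the patch emits are accepted.
valid_type() {
    case "$1" in
        ROOT_LOGIN_REFUSED|AUTH_INVALID_USER) return 0 ;;
        *) return 1 ;;
    esac
}

# Only a dotted-quad IPv4 address with octets 0-255 reaches iptables;
# anything else (garbage, shell metacharacters) is rejected up front.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Whole-line, fixed-string match so 10.0.0.1 does not match 10.0.0.10.
is_blocked() {
    [ -f "$BLOCKLIST" ] && grep -qxF -- "$1" "$BLOCKLIST"
}

# Line number of the first ESTABLISHED/RELATED rule in the chain, so the
# reject rule can go in front of it; 1 (top of chain) when there is none.
insert_position() {
    pos=$($IPTABLES -L "$CHAIN" -n --line-numbers 2>/dev/null \
        | awk '/RELATED|ESTABLISHED/ { print $1; exit }')
    echo "${pos:-1}"
}

# Main entry point: validate, record, firewall. Every step is a single
# cheap command because sshd is blocked waiting for us to return.
handle_event() {
    type=$1; ip=$2
    valid_type "$type" || return 2
    valid_ipv4 "$ip" || return 2
    if is_blocked "$ip"; then
        return 0            # already firewalled, nothing more to do
    fi
    mkdir -p "$(dirname "$BLOCKLIST")"
    printf '%s\n' "$ip" >> "$BLOCKLIST"
    # -I with a position inserts ahead of the stateful accept rules.
    $IPTABLES -I "$CHAIN" "$(insert_position)" -s "$ip" -j REJECT
    logger -t sshd-hook "blocked $ip after $type" 2>/dev/null || true
}

# Act on sshd's two arguments when run as the hook; when sourced for
# testing, no arguments are present and only the functions are defined.
if [ "$#" -eq 2 ]; then
    handle_event "$1" "$2"
fi
```

Point sshd at it with `hook /usr/local/sbin/sshd-hook` (path assumed), make it executable, and try it first with `HOOK_IPTABLES="echo iptables"` to see the exact rule it would insert. The input validation matters because the hook runs with sshd’s privileges and its second argument comes straight from the remote connection’s source address as sshd saw it.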

Patch File
File: openssh-4.2_p1-hook.patch [5.73 kB]
Download: 153

Ebuilds for Gentoo users
File: openssh-4.2_p1-r1-hook.tar.bz2 [16.78 kB] (103)

File: openssh-4.3_p2-r1-hook.tar.bz2 [9.30 kB] (108)

---== Copyright Shannon Wynter - All rights reserved - All wrongs avenged ==--- email