domingo, 14 de diciembre de 2008

Stopping SSH & FTP brute force attacks with IPFW

Brute force attacks are becoming more and more common in todays security landscape; if you receive security cron logs from your FreeBSD server you will know exactly what I mean. These attacks usually use automated software to try thousands of username and password combinations on SSH and FTP, continually aiming to find a weak account on your system and exploit it.

If an attacker can get access to one system account, that is the first step to doing some very bad things on your system, a nightmare for users and administrators. Luckily, there is a way to stop these attacks, and they’re freely available in the ports collection.

IPTables on Linux has the ability to dynamically add rules to block brute force attacks, however IPFW, a widely used firewall and packet filter, does not have an ability. We are forced to turn to look for 3rd party apps, lucky for us there are some very good ones out there, and we will look at 2 here.

No hay comentarios: