[Freedombox-discuss] Block brute force login attacks?

Philip Hands phil at hands.com
Tue Mar 18 23:32:49 UTC 2014

Petter Reinholdtsen <pere at hungry.com> writes:

> Hi.
> On all my machines, I install denyhosts with a two hour timeout
> (DAEMON_PURGE = 2h), to block those trying to brute force a ssh login.
> Should we do something similar on the Freedombox?
> In addition to denyhosts (which only handles ssh), there are other
> relevant packages in Debian:
>   libpam-shield - locks out remote attackers trying password guessing
>   libpam-abl - blocks hosts which are attempting a brute force attack


The trouble with this approach is that an attacker can always widen
their net, trying passwords against _many_ hosts, so that they only come
back to any particular host after a decent interval.  If they're smart
they'll be using a lot of source addresses (a bot-net, say) and they'll
be able to work out quite quickly what the parameters are for you to ban
them, and aim just under the RADAR.

So, what you're doing is blocking only the less dangerous attackers
while giving yourself a nice warm glow.

One would be a lot better off disabling passwords, or if that's not
possible, a spot of security through obscurity[1] can deal with almost all
the people that would be stopped by fail2ban or the like.

Cheers, Phil.

[1] I was thinking things like:

  Running ssh on a non-standard port

  Requiring some other mechanism, such as a port-knock or a login to the
  web interface in order to grant a temporary ability to use passwords
  from your IP address.

which will stop most random attacks from even establishing a connection.

Of course, all these tend to require a bit more of the user to get it to
work, which means that it's out of the question for FreedomBox.  :-/

Cheers, Phil.
|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                    http://ftp.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND
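
Added example, not part of the original message: a small log check showing the gap described above, where a per-IP failure counter bans only the noisy single source while an account probed slowly from many addresses goes unflagged unless failures are also grouped per target account. The log lines are constructed, and the thresholds and function names are assumptions for illustration, not settings of denyhosts or fail2ban.

```python
import re
from collections import Counter, defaultdict

# Constructed sshd auth-log lines (sample data, not from the original post).
SAMPLE_LOG = """\
Mar 18 10:00:01 box sshd[101]: Failed password for root from 198.51.100.1 port 40001 ssh2
Mar 18 10:20:07 box sshd[102]: Failed password for root from 198.51.100.2 port 40002 ssh2
Mar 18 10:41:13 box sshd[103]: Failed password for root from 198.51.100.3 port 40003 ssh2
Mar 18 11:02:19 box sshd[104]: Failed password for root from 198.51.100.4 port 40004 ssh2
Mar 18 11:23:25 box sshd[105]: Failed password for root from 198.51.100.5 port 40005 ssh2
Mar 18 11:30:00 box sshd[106]: Failed password for invalid user admin from 203.0.113.9 port 50001 ssh2
Mar 18 11:30:02 box sshd[107]: Failed password for invalid user admin from 203.0.113.9 port 50002 ssh2
Mar 18 11:30:04 box sshd[108]: Failed password for invalid user admin from 203.0.113.9 port 50003 ssh2
Mar 18 11:30:06 box sshd[109]: Accepted publickey for alice from 192.0.2.7 port 50100 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port"
)

def parse_failures(log):
    """Return (user, source_ip) for every failed password attempt."""
    return [m.groups() for m in map(FAILED.search, log.splitlines()) if m]

def per_ip_bans(events, threshold=3):
    """Sources a per-IP counter would ban (threshold is an assumed setting)."""
    counts = Counter(ip for _, ip in events)
    return {ip for ip, n in counts.items() if n >= threshold}

def spread_out_targets(events, min_sources=4, ip_threshold=3):
    """Accounts failing from many sources that each stay under the per-IP ban."""
    banned = per_ip_bans(events, ip_threshold)
    sources = defaultdict(set)
    for user, ip in events:
        if ip not in banned:
            sources[user].add(ip)
    return {u: len(s) for u, s in sources.items() if len(s) >= min_sources}

if __name__ == "__main__":
    events = parse_failures(SAMPLE_LOG)
    print("per-IP bans:", per_ip_bans(events))
    print("accounts hit from many unbanned sources:", spread_out_targets(events))
```

The sketch ignores time windows; a real check would also bound the interval over which sources are counted.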