DenyHosts

DenyHosts is written in Python, log- based intrusion prevention system for SSH server. It was written with the intention to prevent brute force attacks on SSH servers by logging and tracking of invalid logins and block the source IP addresses. DenyHosts is developed by Phil Schwartz.

Operation

DenyHosts checked the Authentikationslog to new failed login attempts. DenyHosts filtered from the log entries, the source IP address and checks, as has often tried an IP to login. If a user-defined number is exceeded, takes DenyHosts to a dictionary attack and blocked the IP address to avoid the possibility of success by entering the IP in the / etc / hosts.deny. On stats.denyhosts.net be blocked IPs can see.

Controversies

In July 2007, The Register reported that from May to July 2007 ' compromised computer " at Oracle UK were listed among the 10 greatest brute-force source IPs. Following an investigation initiated Oracle rejected any infection of those computers. Daniel B. Cid wrote an essay in which he showed that DenyHosts similar BlockHosts and Fail2ban, vulnerable were compared with remote log injection, an attack that is similar to SQL injection, and in which a specially to created user is used to to obtain a block with respect to any side.

228355
de