List: dropbear
Subject: Re: restrict access
From: Hans Harder <hans () atbas ! org>
Date: 2021-05-21 14:56:59
Message-ID: CAKzsc6d0_0tU=F8nS_fCniFgFwm40ru82Rvtd1yPy=fMzozwTw () mail ! gmail ! com
You can add some small code in svr_main.c for allowing/denying remote
servers based on their IP address:

    getaddrstring(&remoteaddr, &remote_host, NULL, 0);
    /* HH hostallow start */
    /* Check if remote host is allowed */
    if (hostallow_check(remote_host) == 0) {
        fprintf(stderr,"Not allowed, closing connection\n");
        goto out;
    }
    /* HH hostallow end */
    /* Limit the number of unauthenticated connections per IP */
    num_unauthed_for_addr = 0;
    num_unauthed_total = 0;
    for (j = 0; j < MAX_UNAUTH_CLIENTS; j++) {

Just add something like this in svr_main.c in the main_noinetd function.
I check in the hostallow_check function if there is a certain file
like host_<remote_host>.allow in a certain directory;
if not, it will close the connection.

Hans
On Thu, May 20, 2021 at 5:05 PM Sebastian Gottschall
<s.gottschall@dd-wrt.com> wrote:
>
> What about a feature like blocking a client for N minutes if more than N
> times of failed logins? It's relatively easy to implement and slows down
> brute force attacks.
>
> On 20.05.2021 at 16:44, Matt Johnston wrote:
> > On Thu, May 20, 2021 at 02:29:20PM +0000, Walter Harms wrote:
> >> Thx for the fast response,
> >> for the background: little system, far-far-away land, but some script-kiddie is filling the log ...
> >> so no iptables or other fancy stuff. Seems I have to change that, somehow.
> >>
> >> @matt:
> >> in case I get something working ...
> >> I am thinking about fnmatch and inet_ntoa, would that be acceptable?
> > I'm not really sure it's the job of Dropbear to be doing
> > that filtering. Though I wonder if it might make sense to
> > optionally not bother logging failed SSH auth attempts,
> > given how many there are...
> >
> > Cheers,
> > Matt
> >
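
The message above calls hostallow_check() and describes what it does, but does not show it. The following is an added example of one way to write it, not Hans's code and not part of Dropbear; the directory path, the helper names hostallow_check_dir and addr_chars_ok, and the accepted character set are assumptions.

```c
/* Added example: one possible hostallow_check(); not Dropbear code. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Assumption: directory holding the marker files; the post does not name it. */
#define HOSTALLOW_DIR "/etc/dropbear/hostallow"

/* Accept only characters that occur in numeric IPv4/IPv6 address strings,
 * so the peer string can never add a path component to the file name. */
static int addr_chars_ok(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 45)   /* 45 = longest textual IPv6 address */
        return 0;
    return strspn(s, "0123456789abcdefABCDEF.:") == n;
}

/* Returns 1 if <dir>/host_<remote_host>.allow is a regular file, else 0. */
int hostallow_check_dir(const char *dir, const char *remote_host)
{
    char path[512];
    struct stat st;
    int len;
    if (dir == NULL || remote_host == NULL || !addr_chars_ok(remote_host))
        return 0;
    len = snprintf(path, sizeof(path), "%s/host_%s.allow", dir, remote_host);
    if (len < 0 || (size_t)len >= sizeof(path))
        return 0;                       /* truncated path: fail closed */
    if (lstat(path, &st) != 0)          /* lstat: do not follow symlinks */
        return 0;
    return S_ISREG(st.st_mode) ? 1 : 0;
}

/* Same name and return convention as the call in the quoted snippet. */
int hostallow_check(const char *remote_host)
{
    return hostallow_check_dir(HOSTALLOW_DIR, remote_host);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <ip-address>\n", argv[0]);
        return 2;
    }
    return hostallow_check(argv[1]) ? 0 : 1;
}
```

Every error path returns 0, so a missing directory, an unreadable entry or an unexpected address format closes the connection rather than letting it through.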