Archive for the “Anti-brute forcing tools” Category

Here is a tool to protect against SSH password brute-force attacks, which have lately been increasing in frequency.

Sshguard is a log monitor. It protects networked hosts from today's widespread brute-force attacks against services, most notably SSH. It detects such attacks and blocks the attacker's address with a firewall rule.

Sshguard is BSD licensed; you can download sshguard for free, or browse or fetch it from its SVN repository.

Sshguard monitors servers through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall.

Messages describing dangerous activity can be easily customized. This makes sshguard usable with any server, and in general with anything that writes logs. Sshguard natively supports different attack targets, and can react differently depending on the target service.

Many tools exist with the purpose of mitigating the problem of brute-force login attacks against an SSH server. Sshguard appears superior to all of them (to all those I know of) when summing up the features:

There are some functional differences between sshguard and other tools:

  • it supports whitelisting
  • it supports IPv6 natively
  • it can recognize several logging formats transparently (so it does not require filters)
  • it can recognize host names automatically from log files (it's not tricked by addresses in non-IP form)
  • its blocking behaviour is easily customizable and can react differently depending on the attacked service
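
The log-monitoring approach described above, with whitelisting and IPv6 handling, as an added sketch that is not sshguard's own code: it counts failed SSH logins per source address and returns the addresses that reach a threshold. The log lines are constructed, and the function name, the threshold of 3 and the whitelist entry are assumptions made for illustration; handing the result to a firewall is left out.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample auth log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:12:05 host sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 03:12:09 host sshd[812]: Failed password for bob from 2001:db8::5 port 51000 ssh2
Jan 10 03:12:10 host sshd[812]: Failed password for bob from 2001:db8::5 port 51001 ssh2
Jan 10 03:12:11 host sshd[812]: Failed password for bob from 2001:db8:0:0::5 port 51002 ssh2
Jan 10 03:13:00 host sshd[813]: Failed password for ops from 192.0.2.10 port 2200 ssh2
Jan 10 03:13:01 host sshd[813]: Failed password for ops from 192.0.2.10 port 2201 ssh2
Jan 10 03:13:02 host sshd[813]: Failed password for ops from 192.0.2.10 port 2202 ssh2
Jan 10 03:14:00 host sshd[814]: Accepted password for alice from 198.51.100.4 port 3000 ssh2
Jan 10 03:15:00 host sshd[815]: Failed password for invalid user x from 192.0.2.99 port 1 from 198.51.100.20 port 4000 ssh2
"""

# The user name is remote-controlled text, so the address is taken from the
# END of the line (greedy ".*" plus "$"), not from the first " from " seen.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

def addresses_to_block(log_text, whitelist, threshold=3):
    """Return sorted source addresses with >= threshold failed logins."""
    nets = [ipaddress.ip_network(w) for w in whitelist]
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            # Parsing normalises equivalent IPv6 spellings to one key.
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # non-IP source (e.g. a host name) is skipped in this sketch
        if any(addr.version == n.version and addr in n for n in nets):
            continue  # whitelisted sources are never counted
        failures[addr] += 1
    return sorted(str(a) for a, n in failures.items() if n >= threshold)

if __name__ == "__main__":
    print(addresses_to_block(SAMPLE_LOG, whitelist=["192.0.2.0/24"]))
```
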

There are some non-functional differences between sshguard and other tools:

  1. a very large part of these tools are simple scripts, so they require a permanently running interpreter, which usually takes a lot of system memory, a very precious resource on servers.
    Sshguard is written in C, and designed to be 0-impact on system resources.
  2. several tools require customization (hack & play).
    Sshguard is designed for extreme ease of use (plug & play).
  3. many tools are OS- or firewall-specific (usually Linux).
    Sshguard is designed to work on many OSes and can operate several firewall systems; see Compatibility.
  4. nearly all tools are written narrowly for their own operating scenario.
    Sshguard can be extended to operate with custom/proprietary firewalls with very little effort.
