DenyHosts
- Developer(s): Phil Schwartz
- Stable release: 2.7 / November 11, 2008
- Written in: Python
- Operating system: Linux, FreeBSD
- Type: Security / HIPS
- License: GPL
- Website: denyhosts.sf.net

DenyHosts is a log-based intrusion prevention security tool for SSH servers, written in Python. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. DenyHosts is developed by Phil Schwartz, who is also the developer of the Kodos Python regular expression debugger.
Operation
DenyHosts checks the end of the authentication log for recent failed login attempts. It records information about their originating IP addresses and compares the number of invalid attempts to a user-specified threshold. If there have been too many invalid attempts, it assumes a dictionary attack is occurring and prevents the IP address from making any further attempts by adding it to /etc/hosts.deny on the server. DenyHosts 2.0 and above support centralized synchronization, so that repeat offenders are blocked from many computers. The site denyhosts.net gathers statistics from computers running the software. DenyHosts may be run manually, as a daemon, or as a cron job.
Controversies
In July 2007, The Register reported that from May until July that year, "compromised computers" at Oracle UK were listed among the ten worst offenders for launching brute force SSH attacks on the Internet. After an investigation, Oracle refuted the claim that any of its computers had been compromised.[1]

Daniel B. Cid wrote a paper showing that DenyHosts, as well as the similar programs BlockHosts and Fail2ban, were vulnerable to remote log injection, an attack technique similar to SQL injection, in which a specially crafted user name is used to trigger a block against a site chosen by the attacker.[2]
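The threshold count from Operation and the parsing weakness described above, as an added example (not DenyHosts' own code): both regular expressions, the threshold of 3, the helper names and the sample log lines are constructed for illustration. It compares a loosely anchored pattern with one that reads the source address only from the fixed tail that sshd writes itself.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH's "Failed password" format (documentation-range IPs).
# Lines 104-106 carry a user name field that itself contains "from <address>".
SAMPLE_LOG = """\
Jul 21 10:00:01 host sshd[101]: Failed password for root from 203.0.113.9 port 40001 ssh2
Jul 21 10:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Jul 21 10:00:05 host sshd[103]: Failed password for invalid user test from 203.0.113.9 port 40003 ssh2
Jul 21 10:00:07 host sshd[104]: Failed password for invalid user a from 198.51.100.7 from 203.0.113.9 port 40004 ssh2
Jul 21 10:00:08 host sshd[105]: Failed password for invalid user b from 198.51.100.7 from 203.0.113.9 port 40005 ssh2
Jul 21 10:00:09 host sshd[106]: Failed password for invalid user c from 198.51.100.7 from 203.0.113.9 port 40006 ssh2
Jul 21 10:01:00 host sshd[107]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
"""

# Illustrative loose pattern (an assumption, not DenyHosts' regex):
# it trusts the first "from <token>" it finds, which may sit inside the user name.
LOOSE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")

# Hardened pattern: the user name is matched greedily, and the address is taken
# only from the end-anchored "from <addr> port <n> ssh2" that sshd appends.
STRICT = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def offenders(log_text, pattern, threshold=3):
    """Return sorted addresses with at least `threshold` failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if not match:
            continue
        try:
            # Reject anything that is not a syntactically valid IP address.
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def hosts_deny_lines(ips):
    """Format addresses as TCP Wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("loose :", hosts_deny_lines(offenders(SAMPLE_LOG, LOOSE)))
    print("strict:", hosts_deny_lines(offenders(SAMPLE_LOG, STRICT)))
```

With the loose pattern the address 198.51.100.7, which never connected, reaches the threshold and would be written to /etc/hosts.deny; the anchored pattern attributes all six failures to the real peer.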
See also
- Fail2ban is a similar program that prevents brute force attacks against SSH and other services.
- OSSEC
- TCP Wrappers
References
- [1] John Leyden, Oracle refutes 'SSH hacking' slur. Mystery over bogus DenyHosts listing, 21st July 2007
- [2] Daniel B. Cid, Attacking Log Analysis tools
Wikimedia Foundation. 2010.