DenyHosts

DenyHosts
DenyHosts
Developer(s) Phil Schwartz
Stable release 2.7 / November 11, 2008; 2 years ago (2008-11-11)
Written in Python
Operating system Linux, FreeBSD
Type Security / HIPS
License GPL
Website denyhosts.sf.net

DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. DenyHosts is developed by Phil Schwartz, who is also the developer of Kodos Python regular expression debugger.

Contents

Operation

DenyHosts checks the end of the authentication log for recent failed login attempts. It records information about their originating IP addresses and compares the number of invalid attempts to a user-specified threshold. If there have been too many invalid attempts it assumes a dictionary attack is occurring and prevents the IP address from making any further attempts by adding it to /etc/hosts.deny on the server. DenyHosts 2.0 and above support centralized synchronization, so that repeat offenders are blocked from many computers. The site denyhosts.net gathers statistics from computers running the software.

DenyHosts may be run manually, as a daemon, or as a cron job.

Controversies

In July 2007, The Register reported that from May until July that year, "compromised computers" at Oracle UK were listed among the ten worst offenders for launching brute force SSH attacks on the Internet. After an investigation, Oracle refuted that any of its computers had been compromised.[1] Daniel B. Cid wrote a paper showing that DenyHosts, as well the similar programs, BlockHosts, and Fail2ban were vulnerable to remote log injection, an attack technique similar to SQL injection, in which a specially crafted user name is used to trigger a block against a site chosen by the attacker.[2]

See also

  • Fail2ban is a similar program that prevents brute force attacks against SSH and other services.
  • OSSEC
  • TCP Wrappers

References

General references

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • DenyHosts — Entwickler Phil Schwartz Aktuelle Version 2.7 (11. November 2008) Betriebssystem Linux/POSIXe mit Firewall Kategorie Intrusion Prevention System …   Deutsch Wikipedia

  • Fail2ban — Infobox Software name = Fail2Ban caption = Fail2Ban developer = Cyril Jaquier latest release version = 0.8.2 latest release date = March 6, 2008 operating system = Linux genre = Intrusion prevention license = GPL v2 website =… …   Wikipedia

  • IP blocking — prevents the connection between a computer or network and certain IP addresses or ranges of addresses. IP blocking effectively bans undesired connections from those computers to a website, mail server, or other Internet server.IP banning is… …   Wikipedia

  • TCP Wrapper — NOTOC Infobox Software name = TCP Wrapper caption = developer = Wietse Venema latest release version = v0.7.6 operating system = Unix like genre = Security license = BSD license website = [ftp://ftp.porcupine.org/pub/security/index.html] TCP… …   Wikipedia

  • Devil-Linux — Login Screen Company / developer DL team OS family Linux …   Wikipedia

  • BlockHosts — Infobox Software name = BlockHosts caption = BlockHosts developer = Avinash Chopde latest release version = 2.4 latest release date = June 17, 2008 operating system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux genre = Intrusion prevention license …   Wikipedia

  • BruteForceBlocker — Infobox Software name = BruteForceBlocker caption = BruteForceBlocker developer = Daniel Gerzo latest release version = 1.2.3 latest release date = March 6, 2006 operating system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux genre = Intrusion… …   Wikipedia

  • BlockSSHD — Infobox Software name = BruteForceBlocker caption = BruteForceBlocker developer = James Turnbull latest release version = 1.3 latest release date = June 27, 2008 operating system = Linux genre = Intrusion prevention license = GNU General Public… …   Wikipedia

  • SSHBlock — Infobox Software name = SSHBlock caption = SSHBlock developer = Anders Nordby latest release version = 1.0 latest release date = December 3, 2006 operating system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux genre = Intrusion prevention license =… …   Wikipedia

  • SSHGuard — Infobox Software name = SSHGuard caption = SSHGuard developer = Michele Mazzucchi latest release version = 1.1 latest release date = July 24, 2008 operating system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux,Solaris,IBM AIX programming language …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”