savannah-register-public

[Savannah-register-public] [task #4723] Submission of attacker blocking


From: Maarten Deprez
Subject: [Savannah-register-public] [task #4723] Submission of attacker blocking PAM module
Date: Fri, 30 Sep 2005 22:23:23 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.10) Gecko/20050717 Firefox/1.0.6

URL:
  <http://savannah.gnu.org/task/?func=detailitem&item_id=4723>

                 Summary: Submission of attacker blocking PAM module
                 Project: Savannah Administration
            Submitted by: maarten
            Submitted on: Fri 09/30/05 at 22:23
         Should Start On: Fri 09/30/05 at 00:00
   Should be Finished on: Mon 10/10/05 at 00:00
                Category: Project Approval
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Percent Complete: 0%
             Open/Closed: Open
                  Effort: 0.00

    _______________________________________________________

Details:

A new project has been registered at Savannah.
The project account will remain inactive until a site admin approves or
discards the registration.


######### REGISTRATION ADMINISTRATION #########

While this item will be useful to track the registration process, approving
or discarding the registration must be done using the specific "Group
Administration" page, accessible only to site administrators, effectively
logged as site administrators (superuser):

  <https://savannah.gnu.org/admin/groupedit.php?group_id=8009>


######### REGISTRATION DETAILS ######### 

Full Name:
----------
  attacker blocking PAM module

System Group Name:
-----------------
  pam-siegho

Type:
-----
  non-GNU software & documentation

License:
-------- 
  GNU General Public License V2 or later

Description:
------------
  This project is a little pam module "pam_siegho" that defends by blocking a
user/host when s/he repeatedly fails to login (such as an attacker who tries
to guess a password).
For every visitor, the time of the last try and the "fear" is
remembered. Every time a visitor tries to get in
(when pam is called), the "fear" increases by one unit, and decreases
by one unit for each time the "fearyness" time passed since the last try. If
after that the "fear" exceeds the limit, the visitor will not be allowed to
come in and a configurable action will be executed. If the visitor, while he
is barred out, tries to come in before the timeout passed, the time of the
last try is updated (so he will have to wait the whole timeout again), but
the action isn't done again. After a successful login, the guard becomes
quiet about that visitor again (the fear becomes 0).

I already have a working version. Since I didn't find a PAM module like this
to help defend our attacked ssh server, I wrote this (for blocking repeatedly
trying users it exists, but as an attacker can specify any username, it
wouldn't help at all and he would be able to blacklist any user he wants). It
can be used to add the address of the attacker to a blacklist for use in
firewall rules. Now I want to share my work.
You can get the source code from
http://home.scarlet.be/~p1925850/pam_siegho.tar.gz

Other Software Required:
------------------------
  As this is a PAM module, it depends on PAM. I don't think there are other
dependencies.








    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/task/?func=detailitem&item_id=4723>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
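
The "fear" bookkeeping described in the message above, written out as an added C example; it is not pam_siegho's source, and every identifier in it is hypothetical. Assumptions: decay is applied before the increment and floors at zero, and a block lifts once the visitor has stayed quiet for the whole timeout.

```c
#include <stdbool.h>
#include <time.h>

/* Hypothetical names throughout; not pam_siegho's own identifiers. */
struct guard_cfg {
    int    limit;      /* block once fear exceeds this */
    time_t fearyness;  /* seconds of quiet that remove one unit of fear */
    time_t timeout;    /* seconds a blocked visitor must stay quiet */
};

struct visitor {
    time_t last_try;
    int    fear;
    bool   blocked;
};

enum verdict { ALLOW, BLOCK_NEW, BLOCK_HELD };

/* Called on every authentication attempt, before the password check. */
enum verdict guard_attempt(const struct guard_cfg *c, struct visitor *v, time_t now)
{
    time_t quiet = now - v->last_try;
    if (quiet < 0) quiet = 0;        /* clock stepped backwards: grant no decay */
    v->last_try = now;               /* always updated, so a retry restarts the timeout */

    if (v->blocked) {
        if (quiet < c->timeout)
            return BLOCK_HELD;       /* still barred: the action is not run again */
        v->blocked = false;          /* assumption: block lifts after a full quiet timeout */
    }

    /* One unit of decay per elapsed fearyness interval, floor 0, then count this try. */
    long decay = c->fearyness > 0 ? (long)(quiet / c->fearyness) : 0;
    v->fear = decay >= v->fear ? 0 : v->fear - (int)decay;
    v->fear += 1;

    if (v->fear > c->limit) {
        v->blocked = true;
        return BLOCK_NEW;            /* caller runs the configurable action once */
    }
    return ALLOW;
}

/* Called after a successful login: the guard forgets its fear of this visitor. */
void guard_success(struct visitor *v)
{
    v->fear = 0;
    v->blocked = false;
}
```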




