Subj : RE: preventing brute force attempts on privleged ports
To   : tonic
From : Beanzilla
Date : Thu Apr 08 2021 10:32 am


On 04/07/2021 8:36 pm tonic said...
 To> I've never super investigated how enigma handles ssh calls but I'm 
 To> curious if anyone is using a tool like SSHGuard or Fail2Ban to prevent 
 To> bot spam on these ports.

I know I wrote a tiny Python script that essentially tails the Enigma logs, when someone attempts to login with invalid/not allowed usernames (root and such) that I essentially act like Fail2Ban. (I used the IP table and stored for myself their IP and the current time, so I could remove them from the IP table after so many hours)

But my case was a bit different I think. (And I know a bit of Python do have done that)

I would figure both SSHGuard and Fail2Ban could work, or at least do something, in my case I was explicitly targeting when Enigma dumps to it's logs invalid usernames.

Take Care,
    Beanzilla



--- ENiGMA 1/2 v0.0.12-beta (linux; x64; 14.16.0)
 * Origin: BZ&BZ BBS (21:4/110)

.