DenyHosts

Basic data

Developer: Phil Schwartz
Current version: 2.7 (November 11, 2008)
Operating system: Linux / POSIX with firewall
Programming language: Python
Category: Intrusion Prevention System
License: GPL Version 2 (free software)
Website: http://denyhosts.sourceforge.net

DenyHosts is a log-based intrusion prevention system for SSH servers written in Python. It was written with the intention of preventing brute force attacks on SSH servers by logging and tracking down invalid logins, and of blocking the source IP addresses. DenyHosts is developed by Phil Schwartz.

Maintenance of the software appears to have been abandoned long ago (as of 2019): the project page contains only outdated information, and the developer's homepage is no longer accessible.

Working method

DenyHosts checks the authentication log for new failed login attempts. It extracts the source IP address from each log entry and counts how often that address has tried to log in. If a user-defined number is exceeded, DenyHosts assumes a dictionary attack and blocks the IP address by entering it in /etc/hosts.deny, so that the attack cannot succeed. Blocked IPs can be viewed on the Internet.

DenyHosts can be operated manually, as a daemon and as a cron job.

Controversy

In July 2007, The Register reported that from May to July 2007 "compromised computers" at Oracle UK were listed among the top 10 brute force source IPs. After an investigation was initiated, Oracle denied that any of its computers had been infected. Daniel B. Cid wrote an essay in which he showed that DenyHosts, like BlockHosts and Fail2ban, was vulnerable to remote log injection, an attack similar to SQL injection, in which a specially crafted user name is used to trigger the blocking of any site.
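The following added example (not DenyHosts code; both patterns, the threshold and the log lines are constructed for illustration, and the `sshd: <ip>` entry format is an assumption) ties the working method to the log-injection weakness: it counts failed logins per source and emits /etc/hosts.deny entries, once with an unanchored pattern and once with a pattern anchored to the end of the sshd message, so that text inside the user name cannot be read as the source address.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines (RFC 5737 documentation addresses). In the last
# three, the client-supplied user name itself contains "from 192.0.2.10 ...".
SAMPLE_LOG = [
    "Jan 10 03:12:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2",
    "Jan 10 03:12:04 host sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2",
    "Jan 10 03:12:09 host sshd[811]: Failed password for root from 203.0.113.7 port 40115 ssh2",
    "Jan 10 03:13:30 host sshd[902]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.23 port 51514 ssh2",
    "Jan 10 03:13:31 host sshd[902]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.23 port 51515 ssh2",
    "Jan 10 03:13:33 host sshd[902]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.23 port 51516 ssh2",
]

# Unanchored: takes the first "from <token>" anywhere in the message.
NAIVE = re.compile(r"Failed password for .*? from (?P<ip>\S+)")
# Anchored: the address is the field sshd appends last, right before end of
# line; the greedy user group absorbs whatever the client put in the name.
STRICT = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_sources(lines, pattern):
    """Count failed logins per source address, skipping unparsable lines."""
    counts = Counter()
    for line in lines:
        match = pattern.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("ip"))  # reject non-addresses
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts

def hosts_deny_entries(lines, pattern, threshold):
    """Return hosts.deny entries for sources that exceed the threshold."""
    counts = failed_sources(lines, pattern)
    return sorted(f"sshd: {ip}" for ip, n in counts.items() if n > threshold)

if __name__ == "__main__":
    print("unanchored:", hosts_deny_entries(SAMPLE_LOG, NAIVE, 2))
    print("anchored:  ", hosts_deny_entries(SAMPLE_LOG, STRICT, 2))
```

With the unanchored pattern the uninvolved address 192.0.2.10 ends up in the block list; with the anchored pattern the entries name the two hosts that actually connected.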

References

  1. DenyHosts Statistical Summary (Memento of the original of February 24, 2009 in the Internet Archive). denyhosts.net, accessed September 18, 2018.
  2. John Leyden: Oracle refutes 'SSH hacking' slur. Mystery over bogus DenyHosts listing. The Register, July 21, 2007, accessed September 18, 2018.
  3. Daniel B. Cid: Attacking Log Analysis tools, accessed September 18, 2018.