Hey, maybe it would be cool to track the connections and detect brute force attacks on port 22 (SSH).

Hello!
SSH brute force is some sort of application flood. I have some ideas about its detection, but it's very hard because we need to dig into the packet body :(

Hey, that's true. I'm currently developing a custom notify_about_attack_script which analyzes the exact kind of attack and takes further actions if necessary (blackholing, iptables, tc ...). Just wanted this to be noted down in case you or someone else has nothing to do :P Deep packet inspection would use a lot of resources, so I think it would only be possible on "big" systems.

Hello!
Finally, the same response as I provided for SMTP spam detection.
Unfortunately, it's out of scope for a DDoS mitigation toolkit. I like this idea, but it's suitable only for another toolkit.

Closed henry-spanka closed 7 years ago
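The connection-tracking approach proposed in the opening post, as an added example that is not code from the issue or from the toolkit under discussion: it counts new TCP connections (SYNs) to port 22 per source address in a sliding window over flow records and flags a source once it exceeds a threshold. The flow records, addresses, threshold and window size are all constructed for the illustration. It also shows the limit the maintainer points at: a slow source that stays under the per-window rate, or a single session that carries many authentication failures, is invisible at this layer, because that would require looking into the packet body.

```python
"""Sliding-window SSH brute-force detector over flow records.

Added example, not part of the original issue or of any DDoS toolkit.
Flow records, IPs, thresholds and window are constructed/assumed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch
    src: str       # source IP
    dst: str       # destination IP
    dport: int     # destination port
    proto: str     # "tcp" or "udp"
    syn: bool      # True for a connection-initiating SYN (no ACK)


class SshBruteForceDetector:
    """Flag a source that opens more than `threshold` new TCP connections
    to `port` within any `window` seconds.  Tracks SYNs only, so it sees
    connection churn, not what happens inside an established session."""

    def __init__(self, threshold=20, window=60.0, port=22):
        self.threshold = threshold
        self.window = window
        self.port = port
        self._hits = defaultdict(deque)   # src -> SYN timestamps inside window
        self.peak = defaultdict(int)      # src -> highest in-window count seen
        self.flagged = {}                 # src -> timestamp of first alert

    def observe(self, flow):
        """Feed one flow record; return the source IP if it just got flagged."""
        if flow.proto != "tcp" or flow.dport != self.port or not flow.syn:
            return None
        q = self._hits[flow.src]
        q.append(flow.ts)
        cutoff = flow.ts - self.window
        while q and q[0] < cutoff:            # evict SYNs that left the window
            q.popleft()
        self.peak[flow.src] = max(self.peak[flow.src], len(q))
        if len(q) > self.threshold and flow.src not in self.flagged:
            self.flagged[flow.src] = flow.ts  # alert once per source
            return flow.src
        return None


def constructed_flows():
    """Constructed sample traffic towards an SSH server at 192.0.2.10."""
    flows = []
    # Legitimate admin: three sessions over five minutes.
    for i in range(3):
        flows.append(Flow(1000.0 + i * 100, "10.0.0.5", "192.0.2.10", 22, "tcp", True))
    # Brute-forcer: 30 new connections inside ten seconds.
    for i in range(30):
        flows.append(Flow(1000.0 + i / 3, "203.0.113.7", "192.0.2.10", 22, "tcp", True))
    # Slow attacker: one connection per minute for half an hour -> never
    # more than two SYNs inside a 60 s window, so connection tracking misses it.
    for i in range(30):
        flows.append(Flow(1000.0 + i * 60, "198.51.100.9", "192.0.2.10", 22, "tcp", True))
    # Noise that must be ignored: an HTTP SYN and a non-SYN packet of an
    # established SSH session (the latter is where auth failures would live).
    flows.append(Flow(1001.0, "203.0.113.7", "192.0.2.10", 80, "tcp", True))
    flows.append(Flow(1002.0, "10.0.0.5", "192.0.2.10", 22, "tcp", False))
    flows.sort(key=lambda f: f.ts)
    return flows


def run_sample(threshold=20, window=60.0):
    """Run the detector over the constructed flows.

    Returns (alerts, peak) where alerts is the list of flagged sources in
    order and peak maps each source to its highest in-window SYN count."""
    det = SshBruteForceDetector(threshold, window)
    alerts = []
    for flow in constructed_flows():
        src = det.observe(flow)
        if src is not None:
            alerts.append(src)
    return alerts, dict(det.peak)


if __name__ == "__main__":
    alerts, peak = run_sample()
    print("flagged:", alerts)
    for src, n in sorted(peak.items()):
        print(f"{src:>14}  peak SYNs/60s = {n}")
```

Lowering the window or threshold catches the slow source but also starts flagging the admin; that tuning trade-off, and the blindness to a single long-lived session with many failed logins, is why the thread concludes that real SSH brute-force detection needs payload inspection rather than flow counting.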