Denyscan

Overview

Denyscan locks out hosts that scan a server and run brute-force (dictionary) attacks against it.

Denyscan runs a daemon that monitors SSH and POP3 logins and automatically blocks traffic from an offending host by adding a firewall rule. Sshlock runs on Linux, FreeBSD and NetBSD. It has not yet been tested on Solaris or other UNIX variants.

When a host is blocked, sshlock logs an entry through the syslog facility:

Jul 16 15:37:19 example denyscand[8035]: port 22 deny 64.132.172.7
Jul 17 15:23:03 example denyscand[8035]: port 22 deny 69.93.247.30
Jul 18 23:02:44 example denyscand[8035]: port 110 deny 201.15.13.21
Jul 19 10:35:11 example denyscand[14182]: safehost 192.168.5.1
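
The following Python script is an added example, not part of Denyscan: it parses the two message shapes shown in the sample log above, groups denied addresses by port, and lists any denied address that falls inside a safeaddr range. The line format is inferred from the sample lines only, and treating safeaddr as a range that should never be blocked is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Log lines copied from the sample above.
SAMPLE_LOG = """\
Jul 16 15:37:19 example denyscand[8035]: port 22 deny 64.132.172.7
Jul 17 15:23:03 example denyscand[8035]: port 22 deny 69.93.247.30
Jul 18 23:02:44 example denyscand[8035]: port 110 deny 201.15.13.21
Jul 19 10:35:11 example denyscand[14182]: safehost 192.168.5.1
"""

# Format inferred from the sample lines only; any other line is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) denyscand\[(?P<pid>\d+)\]: "
    r"(?:port (?P<port>\d+) deny (?P<denied>\S+)|safehost (?P<safe>\S+))$"
)

def parse(log_text):
    """Return (denies, safehosts); denies maps port -> list of (timestamp, ip)."""
    denies, safehosts = defaultdict(list), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a denyscand line in a known shape
        try:
            if m["denied"]:
                ip = ipaddress.ip_address(m["denied"])
                denies[int(m["port"])].append((m["ts"], ip))
            else:
                safehosts.append(ipaddress.ip_address(m["safe"]))
        except ValueError:
            continue  # address field is not a valid IP; skip it
    return dict(denies), safehosts

def denied_inside(denies, safe_cidr):
    """Denied IPs inside safe_cidr (assumed exempt range; should be empty)."""
    net = ipaddress.ip_network(safe_cidr)
    return [ip for entries in denies.values() for _, ip in entries if ip in net]

if __name__ == "__main__":
    denies, safehosts = parse(SAMPLE_LOG)
    for port, entries in sorted(denies.items()):
        print(port, [str(ip) for _, ip in entries])
    print("safehost:", [str(ip) for ip in safehosts])
    print("denied inside safe range:", denied_inside(denies, "192.168.5.0/24"))
```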

Installation

  1. Extract the denyscan tarball.
  2. Change the current directory to the one where the sshlock source code
    was extracted.
  3. If you are using FreeBSD or NetBSD, rename the Makefile.bsd file
    to Makefile.
    If you are using a Linux distribution, rename the Makefile.linux file to Makefile.
  4. Type make and press Enter to compile sshlock.

Starting denyscan

  1. Edit the configuration file (/etc/sshlockd.conf) and add the safe IP addresses,
    e.g. safeaddr=192.168.5.0/24
  2. Run denyscand.

License

Copyright © 2004-2008 Eland Systems All Rights Reserved.

  1. Redistribution and use in source and binary forms must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. All advertising materials mentioning features or use of this software
    must display the following acknowledgement:
    This product includes software developed by Eland Systems
  4. The name of Eland Systems may not be used to endorse or promote products
    derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Download

The download is provided free of charge subject to our license agreement.

denyscan-1.2.tgz (8 KB)
MD5 sum 108e5e1beffeca0c7b4e4988947611ef

Feedback

If you have any questions or suggestions, send an email to scam+denyscan@elandsys.com