tb-sshdfilter - Stop ssh Break-in Attempts - Free Download
Hackers run automated programs that attempt to gain shell access to your Linux systems every day. tb-sshdfilter, by Eric V. Smith of True Blade Systems, stops these break-in attempts. True Blade has released tb-sshdfilter under the GPL.

If you study the logfiles of nearly any Linux system exposed to the Internet you will often see hundreds or even thousands of break-in attempts each week.
Wouldn't you rather block these attempts quickly and silently, restricting the offender from having any further contact with your system?
Here's how we believe this process should work:
- Hacker attempts to break in via ssh
- Software detects the break-in attempt and logs the hacker's IP address
- Software inserts the hacker's IP address into a new firewall rule that blocks all TCP/IP packets originating from that address; the hacker cannot make any further contact with our server from the blocked IP address
- (Future Improvement) Hacker's blocked IP address is shared with other servers to also protect them from break-in attempts
- Software expires the rule blocking the hacker's IP address after a pre-determined time period
An existing program, sshdfilter, attempts to solve this problem. True Blade partner Eric V. Smith studied sshdfilter and determined that a new solution was required to address the requirements of our clients. tb-sshdfilter is a new program, written in Python, which attempts to provide a more flexible and robust solution. The following table explains why we believe tb-sshdfilter is a superior program.
Comparison of tb-sshdfilter and sshdfilter 1.3.5
| Feature / attribute | tb-sshdfilter | sshdfilter |
|---|---|---|
| Author & Contact Information | Eric V. Smith, True Blade Systems, Inc. | Greg: greg at csc liv ac uk |
| Difficulty to Change sshd Parsing Trigger Keywords | Easy (in separate config file) | Difficult (requires script change) |
| Supports Listening on Alternate TCP Ports (not just port 22) | Yes | No |
| Separate init.d from sshd (permits simultaneous operation and testing of sshd and filtering program) | Yes | No |
| Self-Daemonizing | Yes | No |
| iptables logic separate from sshd output parser (allows rules to be stored in a database) | Yes | No |
| Rules Specifications | Concise | Repetitive |
| Programming Language Used | Python | Perl |
| Software License | GNU GPL | GNU GPL |
| First Release Date | October 12, 2005 | June 5, 2005 |
How tb-sshdfilter Works
tb-sshdfilter monitors the output of sshd for unauthorized login attempts and automatically blocks offending IP addresses from being able to make further attempts.
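The detect, block and expire steps listed earlier and the monitoring described in this section, as an added Python example that is not tb-sshdfilter's own code. The names `Blocker`, `rule`, `replay`, `threshold`, `ttl` and `allow` are hypothetical, the log lines are constructed in OpenSSH's usual "Failed password" and "Invalid user" message format, and the iptables commands are returned as argument lists rather than executed.

```python
import ipaddress
import re

# Trigger patterns as data, like the page's separate keyword config file. The user
# name is attacker-controlled, so greedy ".*" and "$" read the address at the line's end.
TRIGGERS = [re.compile(r"Failed password for .* from (\S+) port \d+ ssh2$"),
            re.compile(r"Invalid user .* from (\S+) port \d+$")]

# Constructed sshd output lines (documentation addresses, not real traffic).
SAMPLE = ["Failed password for root from 203.0.113.9 port 40001 ssh2",
          "Invalid user admin from 203.0.113.9 port 40002",
          "Accepted password for alice from 198.51.100.7 port 50022 ssh2",
          "Failed password for invalid user x from 192.0.2.1 port 1 from 203.0.113.9 port 40003 ssh2"]

def rule(action, ip):
    return ["iptables", action, "INPUT", "-s", str(ip), "-j", "DROP"]  # argv only, not executed

class Blocker:
    def __init__(self, threshold=3, ttl=3600, allow=()):
        self.threshold, self.ttl = threshold, ttl
        self.allow = {ipaddress.IPv4Address(a) for a in allow}  # never block these
        self.failures = {}  # address -> trigger lines seen so far
        self.blocked = {}   # address -> time at which its rule expires

    def feed(self, line, now):
        """Process one sshd line; return an iptables argv when a block is due."""
        hit = [m.group(1) for p in TRIGGERS if (m := p.search(line.strip()))]
        try:
            ip = ipaddress.IPv4Address(hit[0])  # iptables handles IPv4 only
        except (IndexError, ValueError):
            return None  # no trigger matched, or the field is not a literal address
        if ip in self.allow or ip in self.blocked:
            return None
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] < self.threshold:
            return None
        del self.failures[ip]
        self.blocked[ip] = now + self.ttl
        return rule("-I", ip)

    def expire(self, now):
        """Drop every block whose time period has passed; return the delete commands."""
        due = [ip for ip, until in self.blocked.items() if until <= now]
        self.blocked = {ip: t for ip, t in self.blocked.items() if t > now}
        return [rule("-D", ip) for ip in due]

def replay(lines, **kw):
    b = Blocker(**kw)  # the line index stands in for the clock
    return b, [c for t, l in enumerate(lines) if (c := b.feed(l, t))]
```

The last sample line carries a second address inside the user name field; only the address sshd appends at the end of the line is counted, and the `allow` set keeps an administrator's own address from ever being blocked.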
We have prepared a PDF file with more information about tb-sshdfilter.
tb-sshdfilter is being released to the general public by True Blade Systems, Inc. under the GNU Public License (GPL).
There is no charge to use the software but we do ask that you give us feedback about your experiences with tb-sshdfilter after you have it up and running.
tb-sshdfilter was first demonstrated to the public at the Columbia, Maryland Linux User's Group on October 12, 2005.
Download tb-sshdfilter version 1.1.
Note: You will be prompted to register and login before the download will begin. Registered tb-sshdfilter users are allowed to contribute to ongoing dialog and commentary and will receive priority notification of all improvements and updates.
tb-sshdfilter Release History
- 2006-02-10 version 1.1: Users must register on True Blade's website to download the tb-sshdfilter software. tb-sshdfilter remains free and GPL licensed, but anonymous downloads are no longer permitted.
- 2005-10-14 version 1.1: Added code to detect if sshd and iptables executables (as configured) exist and are executable.
- 2005-10-12 version 1.0: Initial release.