DenyHosts is a log-based intrusion-prevention security tool for SSH servers written in Python. It is intended to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. DenyHosts is developed by Phil Schwartz, who is also the developer of Kodos Python Regular Expression Debugger.


Operation

DenyHosts checks the end of the authentication log for recent failed login attempts. It records information about their originating IP addresses and compares the number of invalid attempts to a user-specified threshold. If there have been too many invalid attempts it assumes a dictionary attack is occurring and prevents the IP address from making any further attempts by adding it to /etc/hosts.deny on the server. DenyHosts 2.0 and above support centralized synchronization, so that repeat offenders are blocked from many computers. The site denyhosts.net gathers statistics from computers running the software. DenyHosts is restricted to connections using IPv4. It does not work with IPv6. DenyHosts may be run manually, as a daemon, or as a cron job.


Discoveries

In July 2007, The Register reported that from May until July that year, "compromised computers" at Oracle UK were listed among the ten worst offenders for launching brute force SSH attacks on the Internet, according to public DenyHosts listings. After an investigation, Oracle denied suggestions that any of its computers had been compromised.


Vulnerabilities

Daniel B. Cid wrote a paper showing that DenyHosts, as well as the similar programs Fail2ban and BlockHosts, were vulnerable to remote log injection, an attack technique similar to SQL injection, in which a specially crafted user name is used to trigger a block against a site chosen by the attacker. This was fixed in version 2.6.
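A simplified illustration of the threshold logic from the Operation section and of the log-injection issue described above, added here and not taken from DenyHosts: it counts failed logins per address over constructed sshd lines and compares a loosely matched pattern with one anchored to the fields sshd itself writes. The regular expressions, the "count reaches threshold" rule and the `sshd:` service name in the output are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sshd auth-log lines (documentation-range addresses, not real data).
# Lines 4-6 come from 203.0.113.7 with a user name that contains " from 192.0.2.10".
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[811]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Jan 10 03:14:03 host sshd[811]: Failed password for invalid user test from 198.51.100.23 port 40113 ssh2
Jan 10 03:14:05 host sshd[811]: Failed password for root from 198.51.100.23 port 40114 ssh2
Jan 10 03:15:11 host sshd[902]: Failed password for invalid user a from 192.0.2.10 from 203.0.113.7 port 51000 ssh2
Jan 10 03:15:13 host sshd[902]: Failed password for invalid user a from 192.0.2.10 from 203.0.113.7 port 51001 ssh2
Jan 10 03:15:15 host sshd[902]: Failed password for invalid user a from 192.0.2.10 from 203.0.113.7 port 51002 ssh2
Jan 10 03:16:00 host sshd[950]: Accepted password for alice from 192.0.2.10 port 52000 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Loose (illustrative): lazy user match, no anchor, so the first " from <ip>"
# wins even when it sits inside the client-supplied user name.
LOOSE = re.compile(r"Failed password for (?:invalid user )?.*? from " + IP)
# Strict (illustrative): greedy user match plus end-of-line anchor, so only the
# address sshd itself wrote before "port N ssh2" is captured.
STRICT = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from " + IP + r" port \d+ ssh2$"
)

def failed_by_ip(log_text, pattern):
    """Count failed-login lines per source address as seen by `pattern`."""
    counts = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def hosts_deny_entries(log_text, pattern, threshold=3, service="sshd"):
    """Return hosts.deny-style lines for addresses whose count reaches threshold."""
    counts = failed_by_ip(log_text, pattern)
    return [f"{service}: {ip}" for ip, n in sorted(counts.items()) if n >= threshold]

if __name__ == "__main__":
    print("loose :", hosts_deny_entries(SAMPLE_LOG, LOOSE))
    print("strict:", hosts_deny_entries(SAMPLE_LOG, STRICT))
```

With the loose pattern the address 192.0.2.10, which only ever logged in successfully, ends up on the deny list; with the anchored pattern the entry goes to the actual source of the failed attempts.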


Forks and descendants

The original author, Phil Schwartz, did no further development after the release of version 2.6 (December 2006) and a claimed version 2.7 (November 2008), for which no actual downloadable package is available. Development was first continued in February 2012 by Matt Ruffalo in a GitHub repository. An independent and separate fork was started at the almost-identically named DenyHost SourceForge project site with the release of a different version 2.7 in May 2014. After version 2.9, the new SourceForge project merged with the earlier GitHub repository, and newer versions are available via both means. The software that runs the centralized synchronization server, which DenyHosts versions 2.0 and above can use, has never been released. Independent synchronization server software has been developed by Jan-Pascal van Best since June 2015.


See also

* Fail2ban, a similar program that prevents brute force attacks against SSH and other services
* OSSEC
* TCP Wrapper




External links

* Official website: www.denyhosts.net
* Blue Box page on installing DenyHost