I mentioned in a post about SSH password guessing attacks that I had started null routing hosts that attempted to crack into my servers and network devices. As usual, the Slaptijack readers were more than willing to offer suggestions on existing lists and automation systems. As promised, I've collected those here. If you know of a list or system that isn't here, please contact me. Remember to include information about the list as well as your name and website URL so that I can give you credit.

Applications

  • DenyHosts is a Linux application that actively blocks SSH attackers via TCP Wrapper. It can also use a centralized database, allowing all servers to benefit from it. Thanks to Tim Evans.
  • DShield updates the shared DShield database with your firewall logs. Although it doesn't actively prevent intrusions, subscribing to the DShield service will allow you to use the Fightback service to automatically forward intrusion attempts to the offending ISP. Thanks to Onur Yirmibesoglu.
  • Fail2ban is another application that scans activity logs looking for password failures and takes action. Fail2ban has the benefit of working for many services (SSH, Apache, etc.) and applying a variety of actions. Thanks to JustNick.
  • OSSEC is a host-based Intrusion Detection System (IDS) that runs on just about any operating system. It does log analysis, file checking, etc. Thanks to David.