Page 1 of 1

Feature Request: SSH Brute Force Protection

Posted: Thu Apr 24, 2014 5:32 pm
by marcodor
Recently I discovered in MT logs a lot of "login failure" entries from the same IP via SSH service.
Even "hacker" successfully tried 4-5 passwords per seconds, quite impressive.
Usually, Linux servers artificially freeze for an exponential time after 2-3 login failures from the same source for frequent retries.
Can this kind of protection be implemented in Router OS?
Thanks in advice!

Re: Feature Request: SSH Brute Force Protection

Posted: Thu Apr 24, 2014 5:45 pm
by jarda
Successfully? Hope not...

Re: Feature Request: SSH Brute Force Protection

Posted: Thu Apr 24, 2014 5:48 pm
by tomaskir
3 words: "Use the firewall"

Setup proper input chain filtering, and you will be safe.
Its not just SSH you should be worried about, DNS amplification attack will hit you much more seriously for example.

Re: Feature Request: SSH Brute Force Protection

Posted: Thu Apr 24, 2014 6:11 pm
by marcodor
"Use the firewall"
Good idea, but anyway, i think it's useful to have such feature implemented into ssh protocol.
What if I want to leave it open to any public ip, but protected of such brute attacks.
Even DBMS have such feature integrated, or almost every OS even they also have firewall feature.

Re: Feature Request: SSH Brute Force Protection

Posted: Thu Apr 24, 2014 6:28 pm
by Thalid