PREVENTING BRUTE FORCE ATTACK THROUGH THE ANALYZING LOG

Secure Shell (SSH) is a secure remote login program which can be used in place of regular telnet. It has become the default remote access method for administration of UNIX systems. It is very common for public Internet facing servers to experience attacks that attempt to brute force username and password combinations via SSH to gain access. This paper examines these attacks depending on SSH log file to find unsuccessful logins then blocks IP addresses of unsuccessful logins for a period of time that is decided by administrator and then send an e-mail to administrator to consider whether the addresses blocked belong to users failed to access or by an attacker, finally the administrator will block attacker s IP address forever. Some attackers highly skilled and just used trusted IP address as a user name then the software will block the IP address of attacker as well as the victim IP address that is used by attacker. In this paper, an adaptive mechanism was built-in to distinguish between attacker IP address and victim IP address which may be used by an attacker, and then the program will block just attacker IP address.