Sentry – Prevents Brute Force Attacks Against SSH, FTP, SMTP and More

Sentry is a free and open source tool that detects and prevents brute force attacks against SSH, FTP, SMTP and more. Sentry is written in Perl.

Supported operating systems

  • FreeBSD
  • Mac OS X
  • Linux (CentOS, Debian, Ubuntu)

Download Command:

  • bash || sh
  • export SENTRY_URL=https://raw.githubusercontent.com/msimerson/sentry/master/sentry.pl
  • curl -O $SENTRY_URL || wget $SENTRY_URL || fetch --no-verify-peer $SENTRY_URL

Run Command:

  • perl sentry.pl --update
    Running sentry.pl --update will:

    • create the sentry database (if needed)
    • install the perl script (if needed)
    • prompt you to edit /etc/hosts.allow (if needed)

Features:

  • blacklist – deny all future connections
  • whitelist – whitelist all future connections, remove the IP from the blacklists, and make it immune to future connection tests.
  • delist – remove an IP from the white and blacklists. This is useful for testing that sentry is working as expected.
  • connect – register a connection by an IP. The connect method will log the attempt and the time. See CONNECT.
  • update – installs sentry and updates it if a newer version is available. This is most reliable when LWP::UserAgent is installed.

How does it work?

When new connections arrive, the connect method will log the attempt and the time. If the IP is whitelisted or blacklisted, sentry exits immediately.

Next, sentry checks whether the IP has been seen more than 3 times. If so, it checks the logs for successful, failed, and naughty attempts from that IP. If there are any successful logins, it whitelists the IP and exits.

If there are no successful logins and there are naughty ones, blacklist the IP. If there are no successful and no naughty attempts but more than 10 connection attempts, blacklist the IP. See also NAUGHTY.
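The decision flow described above, modelled in Python as an added example; this is not sentry's own Perl code. The class and function names, the regex mapping of OpenSSH log lines to outcomes, and the sample log are assumptions made for illustration.

```python
import re
from collections import Counter

SEEN_THRESHOLD = 3   # page: "seen more than 3 times" triggers the log check
CONNECT_LIMIT = 10   # page: "more than 10 connection attempts" => blacklist

# Assumed mapping of OpenSSH log lines; the page does not define "naughty".
PATTERNS = [
    ("success", re.compile(r"Accepted \S+ for \S+ from (\S+)")),
    ("naughty", re.compile(r"Invalid user \S+ from (\S+)")),
    ("failed", re.compile(r"Failed \S+ for .*from (\S+)")),
]

SAMPLE_LOG = [  # constructed sshd-style lines, documentation-range IPs
    "sshd[811]: Accepted publickey for alice from 198.51.100.7 port 50022 ssh2",
    "sshd[812]: Invalid user admin from 203.0.113.9 port 41000",
    "sshd[813]: Failed password for root from 192.0.2.44 port 38000 ssh2",
]

def classify(log_lines, ip):
    """Count successful, failed and naughty log entries for one IP."""
    counts = Counter()
    for line in log_lines:
        for label, rx in PATTERNS:
            m = rx.search(line)
            if m and m.group(1) == ip:
                counts[label] += 1
    return counts

class SentryModel:
    def __init__(self):
        self.listed, self.seen = {}, Counter()   # ip -> list name, ip -> hits

    def connect(self, ip, log_lines):
        """Register one connection from ip and return the verdict."""
        self.seen[ip] += 1                       # every attempt is recorded
        if ip in self.listed:                    # already listed: exit at once
            return self.listed[ip]
        if self.seen[ip] <= SEEN_THRESHOLD:
            return "allowed"
        found = classify(log_lines, ip)          # failed counts do not decide
        if found["success"]:
            self.listed[ip] = "whitelisted"
        elif found["naughty"] or self.seen[ip] > CONNECT_LIMIT:
            self.listed[ip] = "blacklisted"
        return self.listed.get(ip, "allowed")

def replay(ip, attempts, log_lines=SAMPLE_LOG):
    """Verdicts for `attempts` consecutive connections from ip."""
    model = SentryModel()
    return [model.connect(ip, log_lines) for _ in range(attempts)]
```

Replaying the address with a successful login shows the consequence of the whitelist rule: one recorded success exempts that address from every later check.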

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
