摘要
笔者针对SSH服务的字典攻击问题,提出一套以分析系统日志记录文件为基础的SSH字典攻击自动隔离机制。通过TCP-Wrapper自动侦测SSH连接的功能,触发系统日志记录文件分析程序,以取得使用字典攻击作为入侵手段的攻击者来源,最后运用防火墙软件自动封锁攻击者来源,达成自动隔离的目的,此机制将可有效减缓SSH服务的字典攻击问题。
Aiming at the dictionary attack of SSH service,the author proposes an automatic isolation mechanism of SSH dictionary attack based on analyzing system log files.Through the function of TCP-Wrapper to automatically detect SSH connections,trigger the system log file analysis program to obtain the source of attackers using dictionary attacks as intrusion means,and finally use firewall software to automatically block the source of attackers to achieve the purpose of automatic isolation.This mechanism will effectively alleviate the dictionary attack of SSH services.
作者
赵云亭
Zhao Yunting(Taiyuan University,Taiyuan Shanxi 030032,China)
出处
《信息与电脑》
2019年第6期166-167,共2页
Information & Computer