[zorp-hu] blocking repeated ssh connections
Balazs Scheidler
zorp-hu@lists.balabit.hu
Mon, 16 Aug 2004 19:42:29 +0200
On Wed, 2004-08-11 at 12:44, Gabor E. Tusnady wrote:
> Hi all!
>
> Is it possible to make zorp refuse repeated ssh connections made several
> times within a short period when someone is attempting a password scan
> over ssh from somewhere?
> Thanks in advance for any info,
Anything is possible :-), but what exactly do you want to achieve? Say, if a
given IP has opened a session shorter than 1 minute at least 3 times in the
past 3 minutes, then drop connections from that same IP for the next
10 minutes?
It could be done something like this (locking of short_sessions is missing):
from Zorp.Core import *
from Zorp.Plug import *
import time

# ip -> (time of the last counted attempt, number of short sessions);
# shared by all proxy instances, access to it is not locked
short_sessions = {}

class MySSHPlugProxy(PlugProxy):
    def config(self):
        global short_sessions
        PlugProxy.config(self)
        ip = self.session.client_address.ip_s
        now = time.time()
        try:
            (last_attempt, count) = short_sessions[ip]
        except KeyError:
            last_attempt = now
            count = 0
        if now > last_attempt + 600:
            # last attempt more than 10 minutes ago, it is allowed again
            last_attempt = now
            count = 0
        count = count + 1
        if count > 3 and now < last_attempt + 180:
            # more than 3 attempts in the last 3 minutes
            raise DACException("Connections over limit")
        short_sessions[ip] = (now, count)
        self.started_time = now

    def shutDown(self):
        global short_sessions
        PlugProxy.shutDown(self)
        started_time = getattr(self, 'started_time', None)
        if started_time is None:
            # config() rejected this connection, nothing was recorded for it
            return
        now = time.time()
        if now - started_time > 60:
            # this was a session longer than 60 seconds, it was not a
            # real short session
            ip = self.session.client_address.ip_s
            (last_attempt, count) = short_sessions[ip]
            short_sessions[ip] = (last_attempt, count - 1)
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
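The counter from the post, as an added example that is not from the original message or from Zorp: a standalone class with the lock the post says is missing, keeping the same thresholds (3 attempts within 3 minutes, a 10-minute gap resets, sessions over 60 seconds do not count) so the behaviour can be checked without a running Zorp. The class and method names are my own, and times are passed in explicitly instead of read from the clock.

```python
import threading

class ShortSessionLimiter(object):
    """Per-IP counter of short sessions, guarded by a lock (assumed design
    that mirrors the policy logic in the post; thresholds are the post's)."""

    def __init__(self, max_attempts=3, window=180, block_time=600, short_session=60):
        self.max_attempts = max_attempts      # attempts allowed ...
        self.window = window                  # ... within this many seconds of the last one
        self.block_time = block_time          # a gap longer than this resets the counter
        self.short_session = short_session    # sessions longer than this are not counted
        self._lock = threading.Lock()
        self._sessions = {}                   # ip -> (last counted attempt, count)

    def connect(self, ip, now):
        """Record a new connection from ip at time now (seconds).
        Returns True if it may proceed, False if it is over the limit."""
        with self._lock:
            last_attempt, count = self._sessions.get(ip, (now, 0))
            if now > last_attempt + self.block_time:
                # last attempt more than block_time ago: start counting again
                last_attempt, count = now, 0
            count += 1
            if count > self.max_attempts and now < last_attempt + self.window:
                # over the limit; the record is left untouched, exactly as the
                # policy in the post leaves it when it raises DACException
                return False
            self._sessions[ip] = (now, count)
            return True

    def disconnect(self, ip, started, now):
        """A session that started at `started` ended at `now`; sessions
        longer than short_session do not count against the client."""
        with self._lock:
            if now - started > self.short_session and ip in self._sessions:
                last_attempt, count = self._sessions[ip]
                self._sessions[ip] = (last_attempt, max(count - 1, 0))

    def attempts(self, ip):
        """Current number of counted short sessions for ip."""
        with self._lock:
            return self._sessions.get(ip, (None, 0))[1]
```

Note that, like the original, an attempt made more than 3 minutes but less than 10 minutes after the last counted one is allowed again and refreshes the timestamp; only a gap longer than 10 minutes clears the count.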