Hi everybody
I have configured the direction and added some ssh related rules hoping that it will prevent the attack, but it doesn't work.
I configured the following in ossec.conf:
<command>
  <name> firewall-drop </name>
  <executable> firewall-drop.sh </executable>
  <expect> srcip </expect>
  <timeout_allowed> yes </timeout_allowed>
</command>
<active-response>
  <command> firewall-drop </command>
  <location> local </location>
  <rules_id> 5712,5716,5720 </rules_id>
  <timeout> 1800 </timeout>
</active-response>
I still find the password to log in after the brute force. I use the following command to attack:
hydra -l agent -P /home/attacker/Desktop/list.txt 192.168.10.2 -t 4 ssh
Is there any way the active-response can prevent this?
Thanks, everyone.