Ruminations on an SSH attack
Cole Tuininga
colet at code-energy.com
Mon Dec 19 10:14:01 EST 2005
On Mon, 2005-12-19 at 09:04 -0500, Tom Buskey wrote:
> I've started running something called DenyHosts. If I get N failed
> logins from an IP address, it gets added to /etc/hosts.deny and my
> sshd never sees that IP again. It's worth checking out. All
> automated w/ email alerts, expiration of IPs (or not), number of
> failures, etc.
I have to put in another vote for this. DenyHosts
(http://denyhosts.sf.net) has decreased my log sizes significantly.
Thankfully, it seems as though the scripts that most script kiddies are
using seem to stop trying after they get failed connections due to being
put in hosts.deny.
--
"I have one plan for linux. World Domination."
-Linus Torvalds
Cole Tuininga
Lead Developer
Code Energy, Inc
colet at code-energy.com
PGP Key ID: 0x43E5755D
More information about the gnhlug-discuss
mailing list