Ruminations on an SSH attack
Tom Buskey
tom at buskey.name
Mon Dec 19 13:50:01 EST 2005
On 12/19/05, Bruce Dawson <jbd at codemeta.com> wrote:
>
>
>
> But I guess a better place to stop them would be in tcpwrappers or even
> the firewall, but I haven't figured out a way to wedge something like
> RBL into tcpwrappers or iptables/ipchains. Any ideas?
DenyHosts and sshblack poll (tail -f?) logfiles. DenyHosts adds sshd: <ip>
into hosts.deny. sshblack adds to iptables/ipchains.
If you can get sendmail to log bogons to a file, DenyHosts can probably be
modified to use smtp: instead of sshd:. I'd imagine sshblack could do the
same.
--
A strong conviction that something must be done is the parent of many bad
measures.
- Daniel Webster
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20051219/942e6ad7/attachment.html
More information about the gnhlug-discuss
mailing list