Ruminations on an SSH attack

Tom Buskey tom at buskey.name
Mon Dec 19 13:50:01 EST 2005


On 12/19/05, Bruce Dawson <jbd at codemeta.com> wrote:
> But I guess a better place to stop them would be in tcpwrappers or even
> the firewall, but I haven't figured out a way to wedge something like
> RBL into tcpwrappers or iptables/ipchains. Any ideas?



DenyHosts and sshblack poll (tail -f?) logfiles.  DenyHosts adds sshd: <ip>
into hosts.deny.  sshblack adds to iptables/ipchains.

If you can get sendmail to log bogons to a file, DenyHosts can probably be
modified to use smtp: instead of sshd:.  I'd imagine sshblack could do the
same.




--
A strong conviction that something must be done is the parent of many bad
measures.
  - Daniel Webster
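
Added example, not part of the original message and not DenyHosts' or sshblack's own code: a minimal version of the log-to-hosts.deny approach described above. It assumes OpenSSH's "Failed password ... from <ip> port <n> ssh2" log format; the function names, threshold and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Anchor on the END of the line: the user name is text supplied by the remote
# side, so only the trailing "from <ip> port <n> ssh2" written by sshd is trusted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

# Constructed sample log (documentation address ranges), not real data.
SAMPLE_LOG = """\
Dec 19 13:01:02 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Dec 19 13:01:05 host sshd[2103]: Failed password for root from 192.0.2.10 port 40125 ssh2
Dec 19 13:01:09 host sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40130 ssh2
Dec 19 13:02:00 host sshd[2110]: Accepted publickey for tom from 198.51.100.7 port 51000 ssh2
Dec 19 13:02:30 host sshd[2112]: Failed password for tom from 198.51.100.7 port 51010 ssh2
Dec 19 13:03:00 host sshd[2120]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 203.0.113.5 port 40200 ssh2
"""

def failures(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject anything that is not an address
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts

def offenders(log_text, threshold=3, allow=()):
    """Addresses at or over the threshold, minus an allow list of known-good hosts."""
    counts = failures(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allow)

def hosts_deny_lines(ips, service="sshd"):
    """Format entries for hosts.deny; tcp wrappers wants IPv6 addresses in brackets."""
    lines = []
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        lines.append(f"{service}: [{addr}]" if addr.version == 6 else f"{service}: {addr}")
    return lines

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

The `service` argument corresponds to the prefix swap suggested above (smtp: instead of sshd:), and the allow list keeps a mistyped password from a known host from locking it out.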


More information about the gnhlug-discuss mailing list