Re: failed root login attempts
On 2004.09.19, martin f krafft <madduck@madduck.net> wrote:
> Other than blacklisting the IPs (which is a race I am going to
> lose),
Why do you say that? I haven't seen this more than a few times a week
so I haven't bothered to do anything yet, but I'm very close to writing
a script that tail's the syslog and on more than X repeat failures,
add a rule to iptables -j DROP traffic from the offending IP address.
If I'm feeling nice, I'll keep a list of the IPs that have been
temporarily blacklisted with a timestamp of when they were added, and
expire them after X time has passed ...
Same goes for failed FTP login attempts ...
-- Dossy
--
Dossy Shiobara mail: dossy@panoptic.com
Panoptic Computer Network web: http://www.panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)
Reply to: