Re: sshd attack?

To: debian-security@lists.debian.org
Subject: Re: sshd attack?
From: Andres Salomon <dilinger@mp3revolution.net>
Date: Wed, 15 Aug 2001 17:38:52 -0400
Message-id: <[🔎] 20010815173852.A4530@mp3revolution.net>
In-reply-to: <[🔎] 20010815095927.A16878@tlth.lth.se>
References: <[🔎] 002401c1255d$3095e280$406a3c86@wohnheim.uniulm.de> <[🔎] 20010815095927.A16878@tlth.lth.se>

ippl is also quite helpful.   http://pltplp.net/ippl/.

On Wed, Aug 15, 2001 at 09:59:27AM +0200, J?rgen Persson wrote:
[...]
> 
> > How can I find out, from where this attack is originating? Must I increase
> > the verbositiy level of sshd to achieve this?
> 
> sshd might be able to do it. I'm logging the originating adress through
> my internet services daemon. I happen to use tcpserver[1] but inetd[2]
> and xinetd[3] ought to be able to do it as well. A second alternative is
> to do it through a tcpwrapper like Venemas[4].
> 
> J?rgen
> [1] http://cr.yp.to/ucspi.tcp/tcpserver.html
> [2] ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/
> [3] http://www.xinetd.org/
> [4] ftp://ftp.porcupine.org/pub/security/
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 

-- 
"Any OS is only as good as its admin, and you obviously suck."
	-- Ian Gulliver, http://orbz.org/mail/mansunix.txt

Reply to:

References:
- sshd attack?
  - From: "Siegbert Baude" <Siegbert.Baude@gmx.de>
- Re: sshd attack?
  - From: Jörgen Persson <jpn@tlth.lth.se>

Prev by Date: Re: [lbw] Re: VPN and Firewall
Next by Date: disabled in xinetd doesn't work?
Previous by thread: Re: sshd attack?
Next by thread: blocking an ip after n failed login attempts
Index(es):
- Date
- Thread