
Re: failed root login attempts



On 2004.09.19, martin f krafft <madduck@madduck.net> wrote:
> Other than blacklisting the IPs (which is a race I am going to
> lose),

Why do you say that?  I haven't seen this more than a few times a week
so I haven't bothered to do anything yet, but I'm very close to writing
a script that tails the syslog and, on more than X repeat failures,
adds a rule to iptables to -j DROP traffic from the offending IP address.

If I'm feeling nice, I'll keep a list of the IPs that have been
temporarily blacklisted with a timestamp of when they were added, and
expire them after X time has passed ...

Same goes for failed FTP login attempts ...

-- Dossy

-- 
Dossy Shiobara                       mail: dossy@panoptic.com 
Panoptic Computer Network             web: http://www.panoptic.com/ 
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)
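
The script described in the message above, sketched as an added example (not code from the poster): it counts failed sshd logins per source address, returns the iptables command to add a DROP rule once an address exceeds the threshold, and returns the matching delete command when the ban has aged out. The log-line pattern, the thresholds, the INPUT chain and the names `Blocker` and `replay` are assumptions; the commands are returned as argument lists rather than executed.

```python
import ipaddress
import re

# Assumed OpenSSH syslog wording; check what the local sshd actually logs.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

class Blocker:
    def __init__(self, max_failures=3, window=60, ban_time=600):
        self.max_failures, self.window, self.ban_time = max_failures, window, ban_time
        self.failures = {}  # ip -> timestamps of recent failures
        self.banned = {}    # ip -> time the DROP rule was added

    def feed(self, now, line):
        """Handle one log line; return the iptables argv to run, or None."""
        m = FAILED.search(line)
        if not m:
            return None
        try:  # validate before the value gets anywhere near a command line
            ip = str(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            return None
        if ip in self.banned:
            return None
        recent = [t for t in self.failures.get(ip, []) if now - t < self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) <= self.max_failures:
            return None
        self.banned[ip] = now
        del self.failures[ip]
        return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

    def expire(self, now):
        """Return the argv lists that remove bans older than ban_time."""
        old = [ip for ip, added in self.banned.items() if now - added >= self.ban_time]
        for ip in old:
            del self.banned[ip]
        return [["iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"] for ip in old]

# Constructed sample: (seconds, syslog line); addresses are documentation ranges.
SAMPLE = [(t, f"Sep 19 10:00:{t:02d} host sshd[411]: Failed password for root "
              f"from 192.0.2.10 port 4000 ssh2") for t in (0, 5, 10, 15)]
SAMPLE.insert(2, (7, "Sep 19 10:00:07 host sshd[412]: Failed password for "
                     "invalid user test from 198.51.100.7 port 4001 ssh2"))

def replay(events, blocker):
    """Feed timestamped lines through the blocker; collect the commands."""
    return [cmd for now, line in events if (cmd := blocker.feed(now, line))]
```

Calling `expire()` periodically, for example once per log line read or from a timer, is what lifts old bans; an allowlist for one's own addresses would sit in `feed()` before the ban is recorded.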


