Re: failed root login attempts

To: debian-security@lists.debian.org
Subject: Re: failed root login attempts
From: Dossy Shiobara <dossy@panoptic.com>
Date: Sun, 19 Sep 2004 16:03:27 -0400
Message-id: <[🔎] 20040919200327.GJ3038@panoptic.com>
Mail-followup-to: Dossy Shiobara <dossy@panoptic.com>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20040919185011.GA16993@morgul.net>
References: <[🔎] 20040919183057.GA22093@cirrus.madduck.net> <[🔎] 20040919184208.GI3038@panoptic.com> <[🔎] 20040919185011.GA16993@morgul.net>

On 2004.09.19, Noah Meyerhans <noahm@debian.org> wrote:
> If I notice the scan immediately, I will occasionally blackhole the
> source IP at our network border, but it's rare that I notice in time.

That's why I suggested writing something that tail's the syslog and
detects the scan immediately ...

-- Dossy

-- 
Dossy Shiobara                       mail: dossy@panoptic.com 
Panoptic Computer Network             web: http://www.panoptic.com/ 
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)

Reply to:

Follow-Ups:
- Re: failed root login attempts
  - From: martin f krafft <madduck@debian.org>

References:
- failed root login attempts
  - From: martin f krafft <madduck@madduck.net>
- Re: failed root login attempts
  - From: Dossy Shiobara <dossy@panoptic.com>
- Re: failed root login attempts
  - From: Noah Meyerhans <noahm@debian.org>

Prev by Date: Re: failed root login attempts
Next by Date: Re: failed root login attempts
Previous by thread: Re: failed root login attempts
Next by thread: Re: failed root login attempts
Index(es):
- Date
- Thread