On Sun, Sep 19, 2004 at 10:09:12PM +0200, martin f krafft wrote:
> These scripts already exist. However, they require you to look
> continuously. That's not an option. And it has to keep the admin in
> the loop (and thus not be an automated blocker) because otherwise
> you are open for denial-of-service attacks.

As an additional point against these scripts, they are host based. If I'm going to bother blackholing the source of these login attempts, I'm going to do it at the border.

Yes, I can write scripts to react to this kind of scanning and have it automatically manipulate access lists on the routers, I'm not sure I really like the idea. I'm sort of leaning in that direction, at this point, though, just to shut up logcheck without telling it to ignore all failed root login attempts.

noah