
Re: [sec] Re: failed root login attempts



On Sun, 19 Sep 2004, martin f krafft wrote:

> also sprach Noah Meyerhans <noahm@debian.org> [2004.09.19.2219 +0200]:
> > As an additional point against these scripts, they are host based.
> > If I'm going to bother blackholing the source of these login
> > attempts, I'm going to do it at the border.  Yes, I can write
> > scripts to react to this kind of scanning and have it
> > automatically manipulate access lists on the routers, I'm not sure
> > I really like the idea.  I'm sort of leaning in that direction, at
> > this point, though, just to shut up logcheck without telling it to
> > ignore all failed root login attempts.
> 
> If you ask me, logcheck should learn how to evaluate log messages in
> their context...

hmm there are ideas for logcheck after sarge+1, please elaborate.
ATM logcheck is a pretty dumb `egrep -v' wrapper of your logs.

that simplicity of design has its strength,
but there are for example demands for trigger values.


--
maks


