Re: failed root login attempts [SCANNED]
David Thurman wrote:
| On 9/19/04 1:30 PM, "martin f krafft" wrote:
|>Other than blacklisting the IPs (which is a race I am going to
|>lose), what are people doing? Are there any distinctive marks in the
|>SSH login attempt that one could filter on?
| We are using our hosts.deny files to stop all ssh attempts from ALL
| then add the allowed user IPs in hosts.allow.
| We are also using a script similar to portsentry and logcheck called
| logcheckplus which seems to do well, it will immediately lock out the
| offending IP and notify you. It works well for dictionary attacks, ftp
| kiddies and more.
Just change your sshd port and don't worry about it. :/
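An added example, not part of the original thread and not logcheckplus's own code: a sketch of the kind of log-driven check discussed above, which counts failed sshd password attempts per source address inside a time window and skips allow-listed sources in the spirit of the hosts.allow approach. The log lines are constructed in the usual OpenSSH syslog format, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Sep 19 13:30:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 19 13:30:03 host sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Sep 19 13:30:05 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40121 ssh2
Sep 19 13:30:09 host sshd[2107]: Failed password for root from 192.0.2.10 port 51000 ssh2
Sep 19 13:31:00 host sshd[2110]: Accepted publickey for alice from 192.0.2.10 port 51002 ssh2
Sep 19 13:45:00 host sshd[2200]: Failed password for root from 198.51.100.9 port 33000 ssh2
Sep 19 14:45:00 host sshd[2300]: Failed password for root from 198.51.100.9 port 33010 ssh2
Sep 19 15:45:00 host sshd[2400]: Failed password for root from 198.51.100.9 port 33020 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def offenders(log, allowed=(), threshold=3, window=timedelta(minutes=10), year=2004):
    """Return source IPs with >= threshold failed logins inside any window."""
    nets = [ip_network(n) for n in allowed]
    seen = defaultdict(list)
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ip_address(m.group("ip"))
        except ValueError:          # sshd logged a hostname, not an address
            continue
        if any(ip.version == n.version and ip in n for n in nets):
            continue                # allow-listed sources are never flagged
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        seen[str(ip)].append(ts)
    flagged = []
    for ip, times in seen.items():
        times.sort()
        # sliding window: compare each failure with the one threshold-1 earlier
        if any(times[i] - times[i - threshold + 1] <= window
               for i in range(threshold - 1, len(times))):
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

The slow source at 198.51.100.9 stays under the default ten-minute window, which is the tuning trade-off any threshold-based lockout has to make.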