Re: failed root login attempts [SCANNED]

To: debian-security@lists.debian.org
Subject: Re: failed root login attempts [SCANNED]
From: Ryan Carter <rcarter@theplanet.com>
Date: Mon, 20 Sep 2004 08:46:52 -0500
Message-id: <[🔎] 414EDF4C.5020303@theplanet.com>
In-reply-to: <[🔎] BD742A6D.63D59%listonly@webpresencegroup.net>
References: <[🔎] BD742A6D.63D59%listonly@webpresencegroup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Thurman wrote:
| On 9/19/04 1:30 PM, "martin f krafft" wrote:
|
|
|>Other than blacklisting the IPs (which is a race I am going to
|>lose), what are people doing? Are there any distinctive marks in the
|>SSH login attempt that one could filter on?
|
|
| We are using our hosts.deny files to stop all ssh attempts from ALL
IP's and
| then add the allowed user IP's in hosts.allow.
|
| We are also using a script similar to portsentry and logcheck called
| logcheckplus which seems to do well, it will immediately lock out the
| offending IP and notify you. It works well for dictionary attacks, ftp
| kiddies and more.

Just change your sshd port and don't worry about it. :/

- --
Ryan Carter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBTt9MidqUDin6C5IRAvwwAJ4qDXiVFlte4cy3ICo7oDaUBjfkVQCeOBp6
b634sp2ObvS/2lUFgyJxFJ8=
=WZvf
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: failed root login attempts [SCANNED]
  - From: David Thurman <listonly@webpresencegroup.net>

Prev by Date: Re: failed root login attempts
Next by Date: Re: [sec] Re: failed root login attempts
Previous by thread: Re: failed root login attempts [SCANNED]
Next by thread: Re: [SECURITY] [DSA 552-1] New imlib2 packages fix potential arbitrary code execution
Index(es):
- Date
- Thread