Re: failed root login attempts [SCANNED]

To: Debian Security <debian-security@lists.debian.org>
Subject: Re: failed root login attempts [SCANNED]
From: David Thurman <listonly@webpresencegroup.net>
Date: Mon, 20 Sep 2004 06:34:21 -0500
Message-id: <[🔎] BD742A6D.63D59%listonly@webpresencegroup.net>
In-reply-to: <[🔎] 20040919183057.GA22093@cirrus.madduck.net>

On 9/19/04 1:30 PM, "martin f krafft" wrote:

> Other than blacklisting the IPs (which is a race I am going to
> lose), what are people doing? Are there any distinctive marks in the
> SSH login attempt that one could filter on?

We are using our hosts.deny files to stop all ssh attempts from ALL IP's and
then add the allowed user IP's in hosts.allow.

We are also using a script similar to portsentry and logcheck called
logcheckplus which seems to do well, it will immediately lock out the
offending IP and notify you. It works well for dictionary attacks, ftp
kiddies and more.
-- 
David Thurman
The Web Presence Group
http://www.the-presence.com
Web Development/E-Commerce/CMS/Hosting/Dedicated Servers
800-399-6441/309-679-0774

Reply to:

Follow-Ups:
- Re: failed root login attempts [SCANNED]
  - From: Ryan Carter <rcarter@theplanet.com>

References:
- failed root login attempts
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: Re: failed root login attempts
Next by Date: Re: Debian Hardened project (question about use of the "Debian" trademark)
Previous by thread: Re: failed root login attempts
Next by thread: Re: failed root login attempts [SCANNED]
Index(es):
- Date
- Thread