[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What to do about SSH brute force attempts?

* Jakov Sosic <jakov.sosic@srce.hr> [2008-08-21 09:11-0400]:
> On Thursday 21 August 2008 16:57:27 Max Zimmermann wrote:
> > The problem with reporting the IPs is, that it can become a very big
> > task, as the number of IPs denyhosts blocks increases.
> You can always write a script that will send an email after every SSH 
> bruteforce attack to a mail address from whois database. That way you don't 
> have to do it manually, and still you can do some good deed if someone has a 
> server that's broken into, and is not (yet) aware of that. 

You could use dronebl, a dnsbl service, to check against and report
attacks to (http://headcandy.org/rojo/ for some examples using


Reply to: