
Re: What to do about SSH brute force attempts?



* Jakov Sosic <jakov.sosic@srce.hr> [2008-08-21 09:11-0400]:
> On Thursday 21 August 2008 16:57:27 Max Zimmermann wrote:
> 
> > The problem with reporting the IPs is that it can become a very big
> > task, as the number of IPs denyhosts blocks increases.
> 
> You can always write a script that will send an email after every SSH 
> bruteforce attack to a mail address from whois database. That way you don't 
> have to do it manually, and still you can do some good deed if someone has a 
> server that's broken into, and is not (yet) aware of that. 

You could use DroneBL, a DNSBL service, to check against and report
attacks to (http://headcandy.org/rojo/ for some examples using
fail2ban).

micah
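
A sketch of the "check against" half of the DNSBL suggestion above, added as an example and not part of the original message or of the fail2ban examples it links to: it pulls repeat sources of failed sshd password attempts out of auth.log text and looks each one up in a DNSBL. The zone name `dnsbl.dronebl.org`, the threshold of 3 failures, the function names and the sample log lines are assumptions made for the illustration.

```python
import ipaddress
import re
import socket
from collections import Counter

DRONEBL_ZONE = "dnsbl.dronebl.org"  # assumed lookup zone for DroneBL
# Greedy ".*" so the match uses the last "from <ip> port", which sshd itself wrote,
# not text smuggled in through a crafted user name.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

# Constructed sample auth.log lines (documentation-range addresses).
SAMPLE_LOG = """\
Aug 21 09:10:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Aug 21 09:10:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Aug 21 09:10:05 host sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Aug 21 09:12:40 host sshd[2130]: Failed password for alice from 198.51.100.7 port 51522 ssh2
Aug 21 09:12:48 host sshd[2130]: Accepted password for alice from 198.51.100.7 port 51522 ssh2
"""

def failed_sources(log_text, threshold=3):
    """Return source IPs with at least `threshold` failed sshd password attempts."""
    hits = Counter(m.group(1) for m in FAILED_RE.finditer(log_text))
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def dnsbl_query_name(ip, zone=DRONEBL_ZONE):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on anything that is not an IP
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels + [zone])

def dnsbl_lookup(ip, zone=DRONEBL_ZONE, resolve=socket.gethostbyname):
    """Return the 127.x.y.z listing code for `ip`, or None if it is not listed."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except socket.gaierror:
        return None  # NXDOMAIN means "not listed"; a resolver outage looks the same
    # Only 127.0.0.0/8 answers are listings; anything else is a hijacked or wildcard reply.
    return str(answer) if answer in ipaddress.ip_network("127.0.0.0/8") else None

def check_log(log_text, threshold=3, resolve=socket.gethostbyname):
    """Map each brute-force source found in the log to its DNSBL listing code."""
    return {ip: dnsbl_lookup(ip, resolve=resolve) for ip in failed_sources(log_text, threshold)}

if __name__ == "__main__":
    for ip, code in check_log(SAMPLE_LOG).items():
        print(ip, "listed as " + code if code else "not listed")
```

The `resolve` parameter exists so the lookup can be exercised without network access; reporting an address back to the list is a separate step that this sketch does not cover.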

