
Re: intrusion via ssh



On Thu, 31 Mar 2005 09:02:03 -0800, Todd A. Jacobs <nospam@codegnome.org> wrote:
> On Thu, Mar 31, 2005 at 12:55:46PM +0200, Frederic Guillet wrote:
> 
> > I have about 500 attempts with different usernames and the same IP so I
> > guess it is a robot which is trying to enter my system.
> 
> Use /etc/hosts.deny to block that IP address. You can also achieve
> similar results in the /etc/ssh/sshd_config file. As for whether or not
> the session was actually opened, that information is being logged to
> /var/log/auth.log by default.

A while ago Andrew Pollock blogged about this.
He used (or still uses?) a netfilter module which blocks IP addresses
connecting more than 4 times in 60 seconds.

http://blog.andrew.net.au/2005/02/17#ipt_recent_and_ssh_attacks

Cheers,
 -Olaf
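
The threshold mentioned above (more than 4 times in 60 seconds), applied as a sliding-window check over /var/log/auth.log entries; this is an added example, not code from the thread or from the linked blog post. It assumes counting sshd "Failed password" lines instead of TCP connections as the netfilter module does, and the log lines, addresses and the `find_offenders` name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the message above: more than 4 times in 60 seconds.
MAX_HITS = 4
WINDOW = timedelta(seconds=60)

# sshd failure lines; older OpenSSH logs "illegal user", newer "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_offenders(lines, year=2005):
    """Return {ip: info} for sources with more than MAX_HITS failures in WINDOW."""
    recent = defaultdict(deque)   # ip -> failure times still inside WINDOW
    users = defaultdict(set)      # ip -> every username that source tried
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] >= WINDOW:
            hits.popleft()
        if len(hits) > MAX_HITS and ip not in offenders:
            offenders[ip] = {"first_trip": ts, "users": users[ip]}
    return offenders

# Constructed sample log lines (documentation-range addresses, made-up host).
SAMPLE = [
    f"Mar 31 12:40:{2 * i:02d} host sshd[2100]: Failed password for "
    f"illegal user {u} from 192.0.2.10 port {40000 + i} ssh2"
    for i, u in enumerate(["admin", "test", "guest", "oracle", "web", "mail"])
] + [
    "Mar 31 12:41:00 host sshd[2200]: Failed password for fred from 198.51.100.7 port 5000 ssh2",
    "Mar 31 12:45:00 host sshd[2201]: Failed password for fred from 198.51.100.7 port 5001 ssh2",
    "Mar 31 12:50:00 host sshd[2202]: Accepted password for fred from 198.51.100.7 port 5002 ssh2",
]

if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```

The source that retries every two seconds trips the limit on its fifth failure, while the source with two failures minutes apart is left alone.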


