Thomas Stivers wrote:
I have been getting a huge number of attempts to log into my box via ssh which fail with invalid username entries in the logs. Is there already a package which will let me look through the logs and dynamically add iptables rules to drop anything from these scanning addresses after something like 3 attempts? I know I can set up hosts.allow and hosts.deny to only allow ssh in from particular IPs, but I'd rather not do that. Any suggestions would be appreciated.
Get 'chkrootkit' (www.chkrootkit.org) and 'rootkit hunter' (www.rootkit.nl) and check your box.
Info regarding port knocking: www.portknocking.org (my fav. is Sadoor)

greets
Mart
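
Added example, not part of the original thread or of any package named in it: the log check the question asks about, counting sshd "Invalid user" lines per source address and emitting an iptables DROP rule once an address reaches 3 attempts. The log lines, the allowlisted address and the function names are constructed for illustration; the rules are only printed, not applied.

```python
import ipaddress
import re
from collections import Counter

# The username is attacker-controlled. The greedy ".*" plus the end-of-line
# anchor make the LAST "from" win, so a username such as "x from 198.51.100.7"
# cannot get someone else's address blocked.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?\s*$")

THRESHOLD = 3                                      # "something like 3 attempts"
ALLOWLIST = {ipaddress.ip_address("192.0.2.10")}   # constructed: never block this one


def offenders(lines, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """Return source addresses with at least `threshold` invalid-user lines."""
    counts = Counter()
    for line in lines:
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))  # reject anything not an IP
        except ValueError:
            continue
        if addr not in allowlist:
            counts[addr] += 1
    return sorted((a for a, n in counts.items() if n >= threshold), key=str)


def drop_rule(addr):
    """Build the rule as an argv list, so no log text ever reaches a shell."""
    tool = "iptables" if addr.version == 4 else "ip6tables"
    return [tool, "-I", "INPUT", "-s", str(addr),
            "-p", "tcp", "--dport", "22", "-j", "DROP"]


def _line(user, src):  # constructed sshd log line
    return f"Jan 12 03:14:07 box sshd[4242]: Invalid user {user} from {src}"


SAMPLE_LOG = [
    _line("admin", "203.0.113.5"),
    _line("test", "203.0.113.5 port 40022"),
    _line("x from 198.51.100.7", "203.0.113.5"),   # injected "from" in username
    _line("oracle", "198.51.100.7"),
    _line("guest", "198.51.100.7"),                # only 2 attempts: not blocked
    _line("a", "192.0.2.10"), _line("b", "192.0.2.10"), _line("c", "192.0.2.10"),
]

if __name__ == "__main__":
    for address in offenders(SAMPLE_LOG):
        print(" ".join(drop_rule(address)))
```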