Re: SSH attack
On Mon, 10 Oct 2005, Marty wrote:
> > simple test ...
> > ( use your positive or negative logic equivalents for these files )
> > /etc/hosts.deny
> > ALL : ALL
> I'm not sure that will work with the manpage example I gave.
works for me ... no services coming in that is not supposed to
> > you'll find that you will need to have
> > /etc/hosts.allow
> > sshd : 192.168.123.456
> > restart the inetd or sshd as needed
> Don't forget to add your ssh entry in /etc/inetd.conf.
everything is turned off, sshd is NOT listed in inetd.conf or xinetd.conf
whichever one is being used .. and similarly for the [x]inetd daemon
- sshd does its own magic based on the allow/deny entries
grep whatever you like from the gazillion log files for ssh this and ssh