Re: What to do with attackers?

To: debian list <debian-user@lists.debian.org>
Subject: Re: What to do with attackers?
From: Glenn English <ghe@slsware.com>
Date: Fri, 04 Nov 2005 10:19:38 -0700
Message-id: <[🔎] 1131124778.9071.24.camel@snuk.slsware.lan>
In-reply-to: <[🔎] 1131104926.2367.5.camel@localhost.localdomain>
References: <[🔎] 436B4319.4010805@ares.dyndns.biz> <[🔎] 1131104926.2367.5.camel@localhost.localdomain>

On Fri, 2005-11-04 at 12:48 +0100, Rakotomandimby Mihamina wrote:

> > recently, i can see ofthen brute force attacks in my ssh logfile.
> > A friend of mine, who has the same ISP gets the same bruteforce attacks.
> > What would be an adequate reaction to repeated ssh bruteforce attacks?
> 
> Nothing. In fact, I manage some servers, and I get millions of these
> kind of attacks. If someone should take care of them, it would be a huge
> work. It's just like spam, just drop. OpenSSH is reliable enough ;-).

That's exactly what I was doing; then my log partition filled up. I
wrote a little shell script cron job that detects new ones and adds the
IP to the firewall's BadGuys chain for a couple days. 

-- 
Glenn English
ghe@slsware.com
GPG ID: D0D7FF20

Reply to:

References:
- What to do with attackers?
  - From: Thomas <jade@ares.dyndns.biz>
- Re: What to do with attackers?
  - From: Rakotomandimby Mihamina <mihamina.rakotomandimby@etu.univ-orleans.fr>

Prev by Date: Re: Solaris: The Most Advanced OS?
Next by Date: Re: qemu & vt's
Previous by thread: Re: What to do with attackers?
Next by thread: Re: What to do with attackers?
Index(es):
- Date
- Thread