Re: Reporting brute force ssh login attempts
On Wed, 15 Nov 2006 21:00:10 +0000
Shri Shrikumar <shri@kraya.co.uk> wrote:
> Hi Peter,
>
> Peter Colton wrote:
> > A handy tool I use to cut down on ssh brute force attacks is
> > fail2ban : You can install it from backports.org.
> > Add the backport url to your sources.list
> > http://www.backports.org/dokuwiki/doku.php?id=instructions
> > Then after you have installed fail2ban comment out
> > www.backports.org url in your apt sources.list so that you will
> > not bring in any unwanted packages in the future.
> >
> > http://fail2ban.sourceforge.net/wiki/index.php/README
> > http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/
> > http://www.debianhelp.co.uk/fail2ban.htm
> >
>
> Thank you. That looks like a useful tool. I have already installed
> it on one server to see how it goes. Is there some way of also
> automatically reporting these ip's so that whoever is responsible
> for that server is alerted to a worm or whatever might be causing
> this?
>
>
> Shri
>
I would be interested in hearing how it works for you on your
server.
--
Raquel
============================================================
True wisdom is less presuming than folly. The wise man doubteth
often, and changeth his mind; the fool is obstinate, and doubteth
not; he knoweth all things but his own ignorance.
--Akhenaton
Reply to: