[SGVLUG] ssh breakins
Greg Stark
gstark at electrorent.com
Fri Aug 4 09:10:43 PDT 2006
James,
What flavor of Linux are you using?
>I wrote a script that went through and pulled out the IP addresses from
>the log files and added them to my iptables drop list. I also
>researched some of them, with the help of WHOIS from Network Solutions
>web pages, and found the ones coming from eastern Europe and Asia. I
>banned entire subnets (some */7) from ever getting to my network again.
Would you mind posting a copy of your script? I'd be interested in seeing
how you are doing it.
>I always thought it would be fun to write a script (somehow trigger it
>by the ssh daemon upon receiving a failed login attempt) that would
>automatically portscan and DoS on the offending client.
How about an hourly CRON job like WEBALIZER to process the log?
Greg
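
An added example, not part of the original message and not James's script: one way to do the log processing discussed above, in Python, assuming OpenSSH's "Failed password ... from <ip> port <n> ssh2" syslog format. The threshold, the allowlist and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format (addresses are documentation ranges).
SAMPLE_LOG = """\
Aug  4 08:01:12 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Aug  4 08:01:15 host sshd[2101]: Failed password for root from 203.0.113.7 port 40125 ssh2
Aug  4 08:01:19 host sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Aug  4 08:02:44 host sshd[2110]: Failed password for james from 192.168.1.20 port 51514 ssh2
Aug  4 08:02:50 host sshd[2110]: Accepted password for james from 192.168.1.20 port 51514 ssh2
Aug  4 08:05:01 host sshd[2120]: Failed password for root from 198.51.100.9 port 33211 ssh2
Aug  4 08:06:30 host sshd[2131]: Failed password for invalid user x from 10.9.9.9 from 198.51.100.23 port 4000 ssh2
"""

# Anchor on the trailing "from <ip> port <n> ssh2": the username is
# client-supplied and may itself contain " from <ip>".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

def failed_counts(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:  # not an IP literal, ignore the line
            pass
    return counts

def drop_rules(log_text, threshold=3, allow=("192.168.1.0/24",)):
    """Return iptables commands for IPv4 sources at or above the threshold."""
    nets = [ipaddress.ip_network(n) for n in allow]
    rules = []
    for ip, n in sorted(failed_counts(log_text).items(), key=lambda kv: str(kv[0])):
        # Never block allowlisted (e.g. your own LAN) addresses; IPv6 needs ip6tables.
        if n < threshold or ip.version != 4 or any(ip in net for net in nets):
            continue
        rules.append(f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(drop_rules(SAMPLE_LOG)))  # printed for review, not executed
```

Run hourly from cron, this re-reads the same log each time, so test for an existing rule (for example with `iptables -C`) before adding one.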