[Leaplist] SShellPhishing Blacklist

Richard F. Ostrow Jr. rich at warfaresdl.com
Wed Sep 24 23:57:07 EDT 2008


<quote who="John Simpson">
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
<snip>
> I ended up having to write
> a script which watches their syslogs in real time, and when it sees
> more than a certain number of "sshd: bad password" or "sshd: unknown
> user" messages from the same IP in a certain amount of time, it
> creates an iptables rule which blocks that IP immediately.

I basically do the same thing... though it doesn't log whether the attempt
was successful or not. My firewall is smart enough to automatically see
such things and block by IP. Try to connect more than 5 times in 5
seconds? IP block for a week. Try 15 simultaneous connections? The same.
These things aren't hard, and they stop most brute-force attacks.
-- 
Life without passion is death in disguise
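
Added example, not part of either poster's message or their scripts: a sketch of the log-watching approach described in the quoted text, counting failed sshd logins per source IP in a sliding time window and building (not running) the iptables block rule. The OpenSSH message formats, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed OpenSSH message shapes; adjust to what your sshd actually logs.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})\b"
)

def find_offenders(lines, max_failures=5, window=timedelta(seconds=60), year=2008):
    """Return IPs in the order they exceed max_failures within the sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    blocked = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_failures and ip not in blocked:
            blocked.append(ip)
    return blocked

def block_rule(ip):
    """Build (not run) the iptables command that drops traffic from ip."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

# Constructed sample log: 203.0.113.9 fails 6 times in 10 s; 198.51.100.7 twice, 5 min apart.
SAMPLE = [
    f"Sep 24 23:50:{s:02d} host sshd[4242]: Failed password for root from 203.0.113.9 port 40000 ssh2"
    for s in range(0, 12, 2)
] + [
    "Sep 24 23:50:03 host sshd[4243]: Invalid user admin from 198.51.100.7",
    "Sep 24 23:55:03 host sshd[4244]: Failed password for invalid user admin from 198.51.100.7 port 40100 ssh2",
    "Sep 24 23:55:09 host sshd[4245]: Accepted password for rich from 192.0.2.10 port 40200 ssh2",
]

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE):
        print(" ".join(block_rule(ip)))
```

Passing the rule as an argument list to a process call, rather than through a shell string, keeps text from the log out of shell parsing; the regex also only accepts a dotted-quad address in the IP position.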

