Mailing List Archive



Re: [tlug] attack via ssh? (don't panic :-P)



On Fri, 2005-05-13 at 23:40 +0900, Michael Reinsch wrote:
> So I've written a small script that keeps an eye on those login
> attempts and blocks the corresponding IP address after some failed
> login attempts for about an hour. The heuristic used by this script to
> detect those attacks was designed to be very simple and not to
> interfere with normal user activity.
> 
> I'm planning to release this script some time soon - well, sooner if
> someone is really interested ;-)

I'm really interested. I get these at least once a day. If I notice it
on root-tail, I add the originating IP address to my set of iptables
rules to block. I have had PasswordAuthentication set to no
in /etc/ssh/sshd_config, but it doesn't seem to have any effect. :-<
-- 
Stuart Luppescu -=-=- s-luppescu <AT> uchicago <DOT> edu
CCSR at U of C   (^_^)/   www.consortium-chicago.org
Where are we going? And what are we doing in this handbasket?
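
The heuristic described in the quoted message, sketched as an added example (this is not Michael Reinsch's script, which does not appear in this thread): count failed sshd logins per source address and report a block of about an hour. The threshold of 5, the 10-minute window, the syslog line format, the `year` argument and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values: the post says only "some failed login attempts" and "about an hour".
MAX_FAILURES, WINDOW, BLOCK_FOR = 5, timedelta(minutes=10), timedelta(hours=1)
# Greedy ".*" plus the end anchor take the address sshd wrote last on the line,
# so a user name containing " from 192.0.2.1" cannot get another host blocked.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|keyboard-interactive/pam) for .* "
    r"from (?:::ffff:)?(\d+(?:\.\d+){3}) port \d+(?: ssh\d?)?$")

def find_blocks(lines, year=2005):
    """Return (ip, blocked_at, unblock_at) per block; syslog has no year, so pass one."""
    recent = defaultdict(deque)  # ip -> failure times still inside WINDOW
    blocked_until = {}           # ip -> expiry of its current block
    decisions = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if blocked_until.get(ip, when) > when:
            continue  # still blocked: the firewall rule is already in place
        times = recent[ip]
        times.append(when)
        while when - times[0] > WINDOW:
            times.popleft()  # forget failures older than the window
        if len(times) >= MAX_FAILURES:
            blocked_until[ip] = when + BLOCK_FOR
            decisions.append((ip, when, when + BLOCK_FOR))
            times.clear()
    return decisions

# Constructed sample log (documentation addresses, made-up host and users).
SAMPLE = """\
May 13 23:40:01 host sshd[4101]: Failed password for illegal user test from 203.0.113.7 port 4001 ssh2
May 13 23:40:03 host sshd[4102]: Failed password for illegal user guest from 203.0.113.7 port 4002 ssh2
May 13 23:40:05 host sshd[4103]: Failed password for root from 203.0.113.7 port 4003 ssh2
May 13 23:40:06 host sshd[4104]: Failed password for alice from 192.0.2.10 port 5100 ssh2
May 13 23:40:07 host sshd[4105]: Failed password for illegal user admin from 203.0.113.7 port 4004 ssh2
May 13 23:40:09 host sshd[4106]: Failed keyboard-interactive/pam for root from 203.0.113.7 port 4005 ssh2
May 13 23:40:11 host sshd[4107]: Failed password for root from 203.0.113.7 port 4006 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, start, end in find_blocks(SAMPLE):
        print(f"block {ip} from {start} until {end}")
```

Each returned tuple corresponds to adding a drop rule for the address at `blocked_at` and removing it at `unblock_at`; a single mistyped password, like the one from 192.0.2.10 in the sample, stays well under the threshold.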
