Re: Advice on dealing with scripted SSH attacks?
There's a nice fully-automated package called "fail2ban" on Sourceforge. It works with the logs of various programs including ssh, apache, etc. and uses iptables or hosts.deny to block IPs for a period after a specified number of failures.

It's written in Python and is pretty easy to configure for other firewalls and logs.

-Seren Thompson
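As an added illustration of the mechanism the reply describes (count failed logins per source IP over a time window, then block the IP), here is a small Python detector that is not fail2ban's own code: it parses constructed OpenSSH auth.log lines and reports which addresses cross the threshold. The parameter names maxretry/findtime/bantime mirror fail2ban's jail settings; the 2024 year, the hostname and the addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the "Failed password" line OpenSSH writes to auth.log via syslog.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample lines (not real traffic): 203.0.113.7 fails five times
# inside a minute; 198.51.100.2 fails twice and then logs in successfully.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[4011]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:03 host sshd[4013]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:05 host sshd[4015]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  3 10:00:09 host sshd[4017]: Failed password for invalid user test from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:12 host sshd[4019]: Failed password for root from 203.0.113.7 port 51242 ssh2
Mar  3 10:05:00 host sshd[4021]: Failed password for alice from 198.51.100.2 port 40001 ssh2
Mar  3 10:05:04 host sshd[4023]: Failed password for alice from 198.51.100.2 port 40003 ssh2
Mar  3 10:05:08 host sshd[4025]: Accepted password for alice from 198.51.100.2 port 40005 ssh2
"""

def parse_ts(ts, year=2024):
    # syslog timestamps carry no year; an assumed year makes the window arithmetic work
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_offenders(log_text, maxretry=5, findtime=600):
    """Return {ip: time_of_ban} for IPs with >= maxretry failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)   # ip -> failure timestamps still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue               # accepted logins and unrelated lines are ignored
        ip, when = m.group("ip"), parse_ts(m.group("ts"))
        if ip in banned:
            continue               # already actioned; nothing more to count
        hits = [t for t in recent[ip] if when - t <= window] + [when]
        recent[ip] = hits          # drop failures that aged out of the window
        if len(hits) >= maxretry:
            banned[ip] = when
    return banned

def block_commands(banned, bantime=600):
    """Render the iptables rule and hosts.deny entry a ban action would apply (not executed here)."""
    cmds = []
    for ip in sorted(banned):
        cmds.append(f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP  # expire after {bantime}s")
        cmds.append(f"sshd: {ip}  # hosts.deny")
    return cmds
```

The example only renders the blocking commands; fail2ban additionally schedules their removal after bantime, which is why a ban expiry is noted in the comment rather than applied.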