Re: Advice on dealing with scripted SSH attacks?
There's a nice fully-automated package called "fail2ban" on SourceForge. It works with the logs of various programs including ssh, apache, etc. and uses iptables or hosts.deny to block IPs for a period after a specified number of failures.
It's written in Python and is pretty easy to configure for other firewalls and logs.
-Seren Thompson
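
The mechanism described in the post above (count failures per source IP in the log, then block for a period after a specified number of failures), as an added Python example that is not part of the original post and is not fail2ban's own code. The names `max_retry`, `find_time` and `ban_time`, the sample log lines and the year are assumptions made for this example; it only computes ban intervals and does not touch iptables or hosts.deny.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not from the original post); IPs are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:14:05 host sshd[2102]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2
Jan 10 03:14:06 host sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 03:20:00 host sshd[2104]: Failed password for bob from 198.51.100.20 port 51010 ssh2
Jan 10 03:40:00 host sshd[2105]: Failed password for bob from 198.51.100.20 port 51011 ssh2
Jan 10 03:59:00 host sshd[2106]: Failed password for bob from 198.51.100.20 port 51012 ssh2
"""

# Anchored at both ends; the greedy ".*" makes the address come from the LAST
# "from <ip> port <n> ssh2" on the line, so a crafted username cannot supply the IP.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_bans(log_text, max_retry=3, find_time=600, ban_time=3600, year=2024):
    """Return [(ip, ban_start, ban_end)] for IPs with max_retry failures inside find_time seconds."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog has no year
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already blocked, nothing new to decide
        window = recent[ip]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            end = ts + timedelta(seconds=ban_time)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

The second address in the sample fails three times but never inside one window, so it is not blocked; that is the difference between a scripted burst and a user mistyping a password over an hour.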