Re: S: ssh worms FAQ
From: Jos (jos_at_nospam.nl)
Date: 10/09/04
- Previous message: DoN. Nichols: "Re: Storing paswords encrypted in DB tables."
- In reply to: microcheap: "Re: S: ssh worms FAQ"
- Next in thread: microcheap: "Re: S: ssh worms FAQ"
- Reply: microcheap: "Re: S: ssh worms FAQ"
- Reply: Stephan Goeldi: "Re: S: ssh worms FAQ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 09 Oct 2004 10:53:29 +0200
On Fri, 08 Oct 2004 21:48:24 -0400, microcheap wrote:
> On Fri, 17 Sep 2004 11:43:42 +0000, Stephan Goeldi wrote:
>
>>> Not really.
>>
>> Ah yes, I see. But anyway: Is there any script available, which totally
>> blocks any machine trying to log in as user test (e.g.)?
>>
>> The discussion about this
>> (http://seclists.org/lists/fulldisclosure/2004/Jul/1243.html and
>> http://dev.gentoo.org/~krispykringle/sshnotes.txt) suggests, that there is
>> more on this than only password guessing ...
> What would be nice is a script that checks the logs and through IPTABLES
> blocks multiple login attempts by the same IP.
> Anyone know of such a script?
>
> mc
Try psad. Not a script but checks your logs and optionally (but not
recommended by psad) blocks the offender.
http://www.cipherdyne.com/psad/
Jos
- Previous message: DoN. Nichols: "Re: Storing paswords encrypted in DB tables."
- In reply to: microcheap: "Re: S: ssh worms FAQ"
- Next in thread: microcheap: "Re: S: ssh worms FAQ"
- Reply: microcheap: "Re: S: ssh worms FAQ"
- Reply: Stephan Goeldi: "Re: S: ssh worms FAQ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
