[ale] What's the utility to shut out hackers/viri attempting sshd attacks?

James P. Kinney III jkinney at localnetsolutions.com
Sat Feb 4 06:56:19 EST 2006 

On Fri, 2006-02-03 at 12:00 -0500, H. A. Story wrote:
> That looks like great software but I wonder what happens if you are 
> behind a firewall and you are not using iptables routes.   Kind of a 
> long standing question in the back of my mind.
> 

Still works. Just because you're behind a firewall doesn't mean you
don't see the incoming addresses. 

In fact, if you _are_ behind a firewall and still seeing this problem,
all the more reason to run it.

A slicker scenario would be to have any attacked machine notify the
firewall of the offense so the firewall can do the block. sshdfilter
would need to be tweaked to do that.

> 
> James P. Kinney III wrote:
> 
> >http://www.csc.liv.ac.uk/~greg/sshdfilter/
> >
> >On Thu, 2006-02-02 at 16:37 -0500, Jim wrote:
> >  
> >
> >>I've got a situation where a Korean site is banging sshd trying bunches 
> >>of random user/passwords.  I know I've seen it discussed before.  Isn't 
> >>there a utility that automatically adds this IP to a .deny file or 
> >>otherwise shuts him out?
> >>
> >>Thanks,
> >>Jim.
> >>_______________________________________________
> >>Ale mailing list
> >>Ale at ale.org
> >>http://www.ale.org/mailman/listinfo/ale
> >>    
> >>
> >>------------------------------------------------------------------------
> >>
> >>_______________________________________________
> >>Ale mailing list
> >>Ale at ale.org
> >>http://www.ale.org/mailman/listinfo/ale
> >>
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part

More information about the Ale mailing list