[ale] What's the utility to shut out hackers/viri attempting sshd attacks?

Patrick Bartkus patrckb+ale at gmail.com
Sat Feb 4 15:37:52 EST 2006


I used to get lots of the "script kiddie" attacks on my port 22 sshd every
day. I got tired of seeing their entries in my logwatch e-mails.

On the advice of someone on this list, I changed my sshd port number in
/etc/ssh/sshd_config (FC3). Yea, I had to change my client configs but now
no more entries in my nightly logwatch e-mails.

Patr}ck

On 2/4/06, James P. Kinney III <jkinney at localnetsolutions.com> wrote:
>
> On Fri, 2006-02-03 at 12:00 -0500, H. A. Story wrote:
> > That looks like great software but I wonder what happens if you are
> > behind a firewall and you are not using iptables routes.   Kind of a
> > long standing question in the back of my mind.
> >
>
> Still works. Just because you're behind a firewall doesn't mean you
> don't see the incoming addresses.
>
> In fact, if you _are_ behind a firewall and still seeing this problem,
> all the more reason to run it.
>
> A slicker scenario would be to have any attacked machine notify the
> firewall of the offense so the firewall can do the block. sshdfilter
> would need to be tweaked to do that.
>
> >
> > James P. Kinney III wrote:
> >
> > >http://www.csc.liv.ac.uk/~greg/sshdfilter/
> > >
> > >On Thu, 2006-02-02 at 16:37 -0500, Jim wrote:
> > >
> > >
> > >>I've got a situation where a Korean site is banging sshd trying bunches
> > >>of random user/passwords.  I know I've seen it discussed before.  Isn't
> > >>there a utility that automatically adds this IP to a .deny file or
> > >>otherwise shuts him out?
> > >>
> > >>Thanks,
> > >>Jim.
> > >>_______________________________________________
> > >>Ale mailing list
> > >>Ale at ale.org
> > >>http://www.ale.org/mailman/listinfo/ale
> > >>
> --
> James P. Kinney III          \Changing the mobile computing world/
> CEO & Director of Engineering \          one Linux user         /
> Local Net Solutions,LLC        \           at a time.          /
> 770-493-8244                    \.___________________________./
> http://www.localnetsolutions.com
>
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
>
>
>
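
The kind of utility asked about at the bottom of the thread, sketched as an added example (not sshdfilter's code and not anything posted on the list): it counts failed sshd logins per source address in a sliding window and emits /etc/hosts.deny entries. The OpenSSH "Failed password" syslog line format, the threshold and window values, and an sshd that honours TCP wrappers are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Greedy ".*" plus "$" take the address from the END of the line, so a login
# name such as "x from 198.51.100.9" cannot get an uninvolved host blocked.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(lines, threshold=3, window=timedelta(minutes=10),
              allow=("127.0.0.1",), year=2006):
    """IPs with >= threshold failures in a sliding window (syslog has no year)."""
    recent = defaultdict(deque)      # ip -> failure times still inside the window
    blocked = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:           # not an address: ignore the line
            continue
        if ip in allow or ip in blocked:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            blocked.append(ip)
    return blocked

def hosts_deny(ips):                 # /etc/hosts.deny entries, TCP wrappers syntax
    return [f"sshd: {ip}" for ip in ips]

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = """\
Feb  4 03:12:01 box sshd[811]: Failed password for root from 203.0.113.5 port 4101 ssh2
Feb  4 03:12:03 box sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2
Feb  4 03:12:04 box sshd[813]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.5 port 4103 ssh2
Feb  4 09:00:00 box sshd[900]: Failed password for pat from 192.0.2.7 port 5000 ssh2
Feb  4 09:30:00 box sshd[901]: Failed password for pat from 192.0.2.7 port 5001 ssh2
Feb  4 10:00:00 box sshd[902]: Failed password for pat from 192.0.2.7 port 5002 ssh2
""".splitlines()

print("\n".join(hosts_deny(offenders(SAMPLE))))
```

The three widely spaced failures from 192.0.2.7 stay under the threshold, which is what keeps a legitimate user who mistypes a password now and then from being locked out.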