[ale] What's the utility to shut out hackers/viri attempting sshd attacks?

runman runman at speedfactory.net
Thu Feb 2 17:16:50 EST 2006


Option #1 - read Bob Toxen's fine book - I believe he gives
up his code for an adaptive firewall.  Pretty cool stuff.

Option #2 - if it's only 1 IP, add it manually to your
firewall and forget about them.

Option #3 - if you are using OpenBSD I think spamd (the
OpenBSD one) will slowly suck up his resources (I think - it
might be only for mail).  I like tarpits and such - maybe if
their box blows up it will cause some collateral damage.

Option #4 - look at Snort

Option #5 - regardless of the above, I would try to call
their ISP and get them shut down - or better yet have your
ISP do it (doubtful). But it's worth a try.

G'luck.

Greg


----- Original Message Follows -----
From: "attriel" <attriel at d20boards.net>
To: ale at ale.org
Subject: Re: [ale] What's the utility to shut out
hackers/viri attempting sshd attacks?
Date: Thu, 2 Feb 2006 16:55:43 -0500 (EST)

> > I've got a situation where a Korean site is banging sshd
> > trying bunches of random user/passwords.  I know I've
> > seen it discussed before.  Isn't there a utility that
> > automatically adds this IP to a .deny file or otherwise
> > shuts him out?
> 
> sshdfilter ?
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale 
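
What the question describes (watch the sshd log, put repeat offenders in a .deny file), as an added example that is not part of the original thread and not the code of sshdfilter or any other tool named above. The syslog line layout, the threshold and window, the TCP-wrappers `sshd: <ip>` output format and the sample log are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at end of line: the address comes from the trailing
# "from <ip> port <n>" that sshd writes itself, so text inside the
# client-supplied user name is never mistaken for the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+(?: ssh2)?$")

def offenders(lines, threshold=3, window=timedelta(minutes=10),
              allow=frozenset(), year=2006):
    """Sorted IPs with >= threshold failed logins inside `window`."""
    recent = defaultdict(deque)       # ip -> times of recent failures
    blocked = set()
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m or m["ip"] in allow:  # never block allow-listed hosts
            continue
        # syslog stamps carry no year; `year` is supplied by the caller
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:    # forget failures outside window
            q.popleft()
        if len(q) >= threshold:
            blocked.add(m["ip"])
    return sorted(blocked)

def hosts_deny(ips):
    """Render one TCP-wrappers hosts.deny entry per address."""
    return "".join(f"sshd: {ip}\n" for ip in ips)

# Constructed sample log: documentation address ranges, made-up host/users.
SAMPLE = """\
Feb  2 09:00:00 gw sshd[700]: Failed password for alice from 192.0.2.10 port 5001 ssh2
Feb  2 12:00:00 gw sshd[750]: Failed password for alice from 192.0.2.10 port 5002 ssh2
Feb  2 16:50:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4101 ssh2
Feb  2 16:50:04 gw sshd[812]: Failed password for root from 203.0.113.7 port 4102 ssh2
Feb  2 16:50:09 gw sshd[813]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.7 port 4103 ssh2
Feb  2 16:55:00 gw sshd[820]: Failed password for alice from 192.0.2.10 port 5003 ssh2
Feb  2 16:55:30 gw sshd[821]: Accepted password for alice from 192.0.2.10 port 5004 ssh2
""".splitlines()

if __name__ == "__main__":
    print(hosts_deny(offenders(SAMPLE)), end="")
```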


