OT: Security....

Scot L. Harris
Thu Oct 28 13:16:39 UTC 2004

On Thu, 2004-10-28 at 03:37, HaJo Schatz wrote:

> I do see more brute force attempts @ ssh these days and start wondering
> how much longer some script kiddie needs to make the algorithm a bit more
> clever (and eg attack user names on certain hosts which are likely to
> exist. This could be harvested eg from email addresses...).
> I have hacked a script which tails /var/log/secure and reacts on attempts
> to log in as root with password. Such offending IPs are then denied port
> 22 access. Any comments, positive or negative, on this?

Just be careful how you set this up.  If the hacker figures out you are
performing automatic blocks they can write a script to spoof addresses
and cause your system to auto block addresses that you might want to

You may want to look at snort.  I believe they have various options that
allow you to trigger on suspicious behavior and take similar actions if
you want.  Seemed like a fairly extensive scripting capability was

Just watch out that you don't cause your own DOS attack on your system.

Scot L. Harris
webid at cfl.rr.com

He who loses, wins the race,
And parallel lines meet in space.
		-- John Boyd, "Last Starship from Earth" 
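
An added example, not part of the original thread or either poster's script: a sketch of the log-driven blocking discussed above, with the safeguards the reply asks for, namely a never-block list, a threshold, and a cap on the deny list. The networks, threshold, cap and sample log lines are assumptions constructed for illustration, and the function only returns decisions rather than touching the firewall.

```python
import ipaddress
import re
from collections import defaultdict

# Anchored at line start and matching only "for root from", so text an
# attacker places in a username field is never parsed as the source address.
FAILED_ROOT = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: "
    r"Failed password for root from (\S+) port \d+"
)
# Assumed policy values, not taken from the thread.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
THRESHOLD = 3      # failed root logins before an address is denied
MAX_BLOCKS = 1000  # upper bound on the deny list


def decide_blocks(lines, threshold=THRESHOLD, max_blocks=MAX_BLOCKS):
    """Return (blocked, skipped): addresses to deny on port 22, and protected
    addresses that reached the threshold but are deliberately left alone."""
    counts = defaultdict(int)
    blocked, skipped = [], []
    for line in lines:
        m = FAILED_ROOT.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field: ignore rather than guess
        counts[ip] += 1
        if counts[ip] != threshold:
            continue  # act once, exactly when the threshold is reached
        if any(ip in net for net in NEVER_BLOCK):
            skipped.append(str(ip))  # report it, but never lock it out
        elif len(blocked) < max_blocks:
            blocked.append(str(ip))
    return blocked, skipped


def _line(ip, user="root"):
    return f"Oct 28 03:30:01 host sshd[2101]: Failed password for {user} from {ip} port 4000 ssh2"


# Constructed sample in the /var/log/secure format (documentation addresses).
SAMPLE = [_line("198.51.100.7")] * 3 + [_line("192.0.2.10")] * 3 + [
    _line("203.0.113.5"),
    _line("198.51.100.99", user="invalid user root from 203.0.113.9 port 22"),
]

if __name__ == "__main__":
    print(decide_blocks(SAMPLE))
```

Addresses in the `skipped` list are worth alerting on instead of blocking, since they are the ones whose loss would lock out legitimate access.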

