[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OT: Security....



On Thu, 2004-10-28 at 03:37, HaJo Schatz wrote:

> 
> I do see more brute force attempts @ ssh these days and start wondering
> how much longer some script kiddie needs to make the algortihm a bit more
> clever (and eg attack user names on certain hosts which are likely to
> exist. This could be harvested eg from email addresses...).
> 
> I have hacked a script which tails /var/log/secure and reacts on attempts
> to log in as root with password. Such offending IPs are then denied port
> 22 access. Any comments, positive or negative, on this?

Just be careful how you set this up.  If the hacker figures out you are
performing automatic blocks they can write a script to spoof addresses
and cause your system to auto block addresses that you might want to
allow.  

You may want to look at snort.  I believe they have various options that
allow you to trigger on suspicious behavior and take similar actions if
you want.  Seemed like a fairly extensive scripting capability was
available.

Just watch out that you don't cause your own DOS attack on your system.

-- 
Scot L. Harris
webid cfl rr com

He who loses, wins the race,
And parallel lines meet in space.
		-- John Boyd, "Last Starship from Earth" 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]