OT: Security....

Scot L. Harris webid at cfl.rr.com
Thu Oct 28 13:16:39 UTC 2004


On Thu, 2004-10-28 at 03:37, HaJo Schatz wrote:

> 
> I do see more brute force attempts @ ssh these days and start wondering
> how much longer some script kiddie needs to make the algorithm a bit more
> clever (and eg attack user names on certain hosts which are likely to
> exist. This could be harvested eg from email addresses...).
> 
> I have hacked a script which tails /var/log/secure and reacts on attempts
> to log in as root with password. Such offending IPs are then denied port
> 22 access. Any comments, positive or negative, on this?

Just be careful how you set this up.  If the hacker figures out you are
performing automatic blocks they can write a script to spoof addresses
and cause your system to auto block addresses that you might want to
allow.  

You may want to look at snort.  I believe they have various options that
allow you to trigger on suspicious behavior and take similar actions if
you want.  Seemed like a fairly extensive scripting capability was
available.

Just watch out that you don't cause your own DOS attack on your system.

-- 
Scot L. Harris
webid at cfl.rr.com

He who loses, wins the race,
And parallel lines meet in space.
		-- John Boyd, "Last Starship from Earth" 
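
An added example, not code from either poster: one way to keep a log-driven blocker of the kind discussed above from locking out addresses you want to allow. It assumes the sshd "Failed password for root" line format; the never-block ranges, threshold, window and block duration are illustrative values, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd's syslog line for a failed root password login.
FAILED_ROOT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for root from (\S+) port \d+")

# Assumed policy values (not from the post).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
THRESHOLD = 3                    # failures needed before a block
WINDOW = timedelta(minutes=5)    # ...counted inside this sliding window
BLOCK_FOR = timedelta(hours=1)   # blocks expire instead of accumulating


def plan_blocks(lines, year=2004):
    """Return {ip: block_expiry} for sources that crossed the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    blocks = {}
    for line in lines:
        m = FAILED_ROOT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue             # never hand unparsed log text to a firewall
        if any(ip in net for net in NEVER_BLOCK):
            continue             # trusted ranges cannot be locked out
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > WINDOW:
            hits.popleft()
        if len(hits) >= THRESHOLD:
            blocks[str(ip)] = when + BLOCK_FOR
    return blocks


# Constructed sample in /var/log/secure style: (second, source address).
EVENTS = [(1, "203.0.113.9"), (2, "192.0.2.10"), (5, "203.0.113.9"),
          (6, "192.0.2.10"), (9, "198.51.100.7"), (11, "192.0.2.10"),
          (20, "203.0.113.9"), (30, "198.51.100.7")]
SAMPLE = [f"Oct 28 03:10:{s:02d} host sshd[811]: "
          f"Failed password for root from {ip} port 4001 ssh2" for s, ip in EVENTS]
```

The function only decides; whatever applies the deny rule should also remove it once the returned expiry time has passed.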



