[SLL] bad login attempts

Pann McCuaig pann at ourmanpann.com
Sun Jul 20 15:12:29 PDT 2008


On Sun, Jul 20, 2008 at 15:05, Paul A. Franz, P.E. wrote:

> Some days I get hit with many thousands of login probes. A clip of a
> few entries from the logs follows. I've got a couple of questions.
>
> 1) Should "lastb -a" show anything for all these? I show none.
>
> 2) I'm thinking that I'd like to use IPTables to drop all traffic from
> that IP once a specified count of bad logins has occurred within say,
> 1 minute. Any suggestions on how to do this?

Perhaps this will help:

http://denyhosts.sourceforge.net/

>    gerrard/password from 222.73.37.221: 1 Time(s)
>    gerry/password from 222.73.37.221: 1 Time(s)
>    gertrud/password from 222.73.37.221: 1 Time(s)
>    gertrude/password from 222.73.37.221: 1 Time(s)
>    gest/password from 85.199.174.69: 1 Time(s)
>    get/password from 222.237.77.33: 1 Time(s)
>    get/password from 222.73.37.221: 1 Time(s)
>    gg/password from 222.237.77.33: 1 Time(s)
>    ggarcia/password from 85.199.174.69: 1 Time(s)
>    gia/password from 222.73.37.221: 1 Time(s)
>    gianluca/password from 222.237.77.33: 1 Time(s)
>    gib/password from 222.73.37.221: 1 Time(s)
>    gibson/password from 222.73.37.221: 1 Time(s)
>    gil/password from 222.73.37.221: 1 Time(s)
>    gilbert/password from 222.73.37.221: 1 Time(s)
>    gilberto/password from 85.199.174.69: 3 Time(s)
>    gillian/password from 222.73.37.221: 1 Time(s)
>    gimcre/password from 85.199.174.69: 1 Time(s)
>    gina/password from 222.73.37.221: 1 Time(s)
>    ginger/password from 85.199.174.69: 1 Time(s)
>    ginnie/password from 222.73.37.221: 1 Time(s)
>    giopre/password from 85.199.174.69: 1 Time(s)
>    giorgia/password from 85.199.174.69: 1 Time(s)
>    giovanni/password from 222.73.37.221: 1 Time(s)
>    girl/password from 222.237.77.33: 1 Time(s)
>    gisela/password from 222.73.37.221: 1 Time(s)
>    giselle/password from 222.73.37.221: 1 Time(s)
>    gladys/password from 222.73.37.221: 1 Time(s)
>    glen/password from 222.73.37.221: 1 Time(s)
>    glen/password from 85.199.174.69: 1 Time(s)
>    glenn/password from 222.73.37.221: 1 Time(s)
>    global/password from 222.73.37.221: 1 Time(s)
>    gloria/password from 85.199.174.69: 1 Time(s)
> 
> -- 
> Paul A. Franz, P.E.
> PAF Consulting Engineers
> Office 425.641.8202
> FAX 425.641.1773
> Cell 425.241.1618

-- 
geek by nature, Linux by choice                     L I N U X       .~.
                                                    The Choice      /V\
http://vps.ourmanpann.com/oss/                       of a GNU      /( )\
                                                    Generation     ^^-^^
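
The threshold asked about in question 2 (a set count of bad logins from one IP within a minute), as an added example that is not part of the original thread and is not DenyHosts code: it scans sshd "Failed password" syslog lines with a sliding window and returns the matching iptables DROP commands as strings without running them. The log lines are constructed and use documentation addresses; the limit of 5, the `year` argument and the function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The user name in this line is chosen by the remote client, so the source IP
# is taken from the fixed " from IP port N ssh2" tail at the end of the line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)

def offenders(lines, limit=5, window_s=60, year=2008):
    """Return IPs with at least `limit` failed logins inside `window_s` seconds."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and other daemons are ignored
        # syslog timestamps carry no year, so one is supplied (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        times = recent[ip]
        times.append(when)
        while (when - times[0]).total_seconds() > window_s:
            times.popleft()  # forget failures older than the window
        if len(times) >= limit and ip not in blocked:
            blocked.append(ip)
    return blocked

def drop_rules(ips):
    """Build, but do not execute, one DROP rule per offending address."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

# Constructed sample log; the fourth line has a user name that embeds a fake
# "from <ip>" to try to get an unrelated address blocked.
SAMPLE = """\
Jul 20 14:58:01 host sshd[2101]: Failed password for invalid user gerry from 203.0.113.7 port 40001 ssh2
Jul 20 14:58:09 host sshd[2103]: Failed password for invalid user gil from 203.0.113.7 port 40002 ssh2
Jul 20 14:58:15 host sshd[2105]: Failed password for root from 203.0.113.50 port 51000 ssh2
Jul 20 14:58:20 host sshd[2107]: Failed password for invalid user x from 198.51.100.9 port 1 ssh2 from 203.0.113.7 port 40003 ssh2
Jul 20 14:58:31 host sshd[2109]: Failed password for invalid user gina from 203.0.113.7 port 40004 ssh2
Jul 20 14:58:40 host sshd[2111]: Failed password for invalid user glen from 203.0.113.7 port 40005 ssh2
Jul 20 15:03:15 host sshd[2120]: Failed password for root from 203.0.113.50 port 51001 ssh2
Jul 20 15:09:15 host sshd[2130]: Accepted password for paul from 203.0.113.50 port 51002 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(drop_rules(offenders(SAMPLE))))
```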

