[SLL] bad login attempts

Charles Hewson cahewson at eskimo.com
Sun Jul 20 15:31:05 PDT 2008 

On Sun, 20 Jul 2008, Pann McCuaig wrote:

> On Sun, Jul 20, 2008 at 15:05, Paul A. Franz, P.E. wrote:
>
> > Some days I get hit with many thousands of login probes. A clip of a
> > few entries from the logs follows. I've got a couple of questions.
> >
> > 1) Should "lastb -a" show anything for all these? I show none.
> >
> > 2) I'm thinking that I'd like to use IPTables to drop all traffic from
> > that IP once a specified count of bad logins has occurred within say,
> > 1 minute. Any suggestions on how to do this?
>
> Perhaps this will help:
>
> http://denyhosts.sourceforge.net/
>

Also; http://www.fail2ban.org/

> >    gerrard/password from 222.73.37.221: 1 Time(s)
> >    gerry/password from 222.73.37.221: 1 Time(s)
> >    gertrud/password from 222.73.37.221: 1 Time(s)
> >    gertrude/password from 222.73.37.221: 1 Time(s)
> >    gest/password from 85.199.174.69: 1 Time(s)
> >    get/password from 222.237.77.33: 1 Time(s)
> >    get/password from 222.73.37.221: 1 Time(s)
> >    gg/password from 222.237.77.33: 1 Time(s)
> >    ggarcia/password from 85.199.174.69: 1 Time(s)
> >    gia/password from 222.73.37.221: 1 Time(s)
> >    gianluca/password from 222.237.77.33: 1 Time(s)
> >    gib/password from 222.73.37.221: 1 Time(s)
> >    gibson/password from 222.73.37.221: 1 Time(s)
> >    gil/password from 222.73.37.221: 1 Time(s)
> >    gilbert/password from 222.73.37.221: 1 Time(s)
> >    gilberto/password from 85.199.174.69: 3 Time(s)
> >    gillian/password from 222.73.37.221: 1 Time(s)
> >    gimcre/password from 85.199.174.69: 1 Time(s)
> >    gina/password from 222.73.37.221: 1 Time(s)
> >    ginger/password from 85.199.174.69: 1 Time(s)
> >    ginnie/password from 222.73.37.221: 1 Time(s)
> >    giopre/password from 85.199.174.69: 1 Time(s)
> >    giorgia/password from 85.199.174.69: 1 Time(s)
> >    giovanni/password from 222.73.37.221: 1 Time(s)
> >    girl/password from 222.237.77.33: 1 Time(s)
> >    gisela/password from 222.73.37.221: 1 Time(s)
> >    giselle/password from 222.73.37.221: 1 Time(s)
> >    gladys/password from 222.73.37.221: 1 Time(s)
> >    glen/password from 222.73.37.221: 1 Time(s)
> >    glen/password from 85.199.174.69: 1 Time(s)
> >    glenn/password from 222.73.37.221: 1 Time(s)
> >    global/password from 222.73.37.221: 1 Time(s)
> >    gloria/password from 85.199.174.69: 1 Time(s)
> >
> > --
> > Paul A. Franz, P.E.
> > PAF Consulting Engineers
> > Office 425.641.8202
> > FAX 425.641.1773
> > Cell 425.241.1618
>
> --
> geek by nature, Linux by choice                     L I N U X       .~.
>                                                     The Choice      /V\
> http://vps.ourmanpann.com/oss/                       of a GNU      /( )\
>                                                     Generation     ^^-^^
>

Charles

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pub  1024D/F88852DE 2008-06-25 Charles Hewson <cahewson at eskimo.com>
     Key fingerprint = 0779 BBA4 CF82 0707 288B  3B37 BDB7 3DC3 F888 52DE
sub  2048g/71B13048 2008-06-25 [expires: 2009-06-25]

	 (For info see http://www.gnupg.org)

Public key at - HTTP://WWW.ESKIMO.COM/~cahewson/pubkey.asc

More information about the linux-list mailing list