[SLL] bad login attempts

Brian Lane bcl at brianlane.com
Mon Jul 28 22:32:44 PDT 2008


Paul A. Franz, P.E. wrote:
> Some days I get hit with many thousands of login probes. A clip of a few entries from
> the logs follows. I've got a couple of questions.
> 
> 1) Should "lastb -a" show anything for all these? I show none.
> 
> 2) I'm thinking that I'd like to use IPTables to drop all traffic from that IP once a
> specified count of bad logins has occurred within say, 1 minute. Any suggestions on
> how to do this?
> 

Move the port that you are running openssh on to some place other than
port 22. Problem solved without mucking with iptable settings. All these
are scripts knocking on the door. Move the door and the logs get
a lot less noisy.

I'm not a big fan of automated responses to scanning and password
attempts. Too many things could go wrong, like locking yourself out on
accident (no, I haven't done that myself!).

Brian

--
---[Office 71.4F]--[Outside 60.7F]--[Server 102.4F]--[Coaster 67.7F]---
Software, Linux, Microcontrollers             http://www.brianlane.com
AIS Parser SDK                                http://www.aisparser.com


