On Thu, 2004-10-28 at 03:37, HaJo Schatz wrote: > > I do see more brute force attempts @ ssh these days and start wondering > how much longer some script kiddie needs to make the algortihm a bit more > clever (and eg attack user names on certain hosts which are likely to > exist. This could be harvested eg from email addresses...). > > I have hacked a script which tails /var/log/secure and reacts on attempts > to log in as root with password. Such offending IPs are then denied port > 22 access. Any comments, positive or negative, on this? Just be careful how you set this up. If the hacker figures out you are performing automatic blocks they can write a script to spoof addresses and cause your system to auto block addresses that you might want to allow. You may want to look at snort. I believe they have various options that allow you to trigger on suspicious behavior and take similar actions if you want. Seemed like a fairly extensive scripting capability was available. Just watch out that you don't cause your own DOS attack on your system. -- Scot L. Harris webid@xxxxxxxxxx He who loses, wins the race, And parallel lines meet in space. -- John Boyd, "Last Starship from Earth"
