Thomas Cameron wrote:
>>Hi there,
>>
>>I know this is not the correct forum to ask this question, but I have to
>>start somewhere.......
>>
>>I have a friend with a linux firewall box.
>>There appears to be a very simple minded hacker trying to do simple ssh
>>password attacks on this box.
>>
>>I have been using whois and reporting this to each ISP he/she is coming
>>from
>>but he/she just breaks into a different machine on a new ISP and tries
>>again.
>>
>>Is there something more I can do to track this person down?
>>Thanks.
>
> As others have said, it's more than likely a script kiddy on a compromised
> machine. A recent thread on the Fedora-test list had a really cool set of
> firewall rules to fight this. Check out
>
> https://www.redhat.com/archives/fedora-test-list/2005-August/msg00082.html
>
> for the rule.
>
> Thomas

You could also install and configure pam_abl from Fedora extras. For configuration see the included README.Fedora.

Summary     : A Pluggable Authentication Module (PAM) for auto blacklisting
Description :
Provides auto blacklisting of hosts and users responsible for repeated
failed authentication attempts. Generally configured so that blacklisted
users still see normal login prompts but are guaranteed to fail to
authenticate.
A command line tool allows to query or purge the databases used by the
pam_abl module.

-- 
Sjoerd Mullender
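The threshold idea behind auto blacklisting, as an added example that is not part of the original thread and is not pam_abl's code or configuration: it counts failed sshd password attempts per source host in a sliding window over constructed sample log lines. The function name, the limit of 3 failures per hour and the log year are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not taken from the thread).
SAMPLE_LOG = """\
Aug  3 10:00:01 fw sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Aug  3 10:00:04 fw sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Aug  3 10:00:07 fw sshd[2103]: Failed password for root from 192.0.2.10 port 40003 ssh2
Aug  3 10:05:00 fw sshd[2110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Aug  3 10:05:30 fw sshd[2111]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Aug  3 11:30:00 fw sshd[2200]: Failed password for root from 192.0.2.10 port 40100 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<host>\S+) port \d+"
)

def blacklist_candidates(log_text, limit=3, window=timedelta(hours=1), year=2005):
    """Return {host: time the limit was first reached} for hosts with
    `limit` or more failed logins inside any sliding `window`.
    Hypothetical helper; the default thresholds are assumptions."""
    recent = defaultdict(deque)    # host -> failure timestamps still in window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # successes and unrelated lines are not counted
        # Classic syslog timestamps omit the year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["host"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= limit:
            flagged.setdefault(m["host"], ts)
    return flagged

if __name__ == "__main__":
    for host, when in blacklist_candidates(SAMPLE_LOG).items():
        print(f"{host} reached the failure limit at {when}")
```

pam_abl applies its rules inside the PAM stack at authentication time rather than by reading logs; the log pass here only shows how a failures-per-window rule separates a guessing host from a user who mistyped once.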