[UFO Chicago] Tripwire to shut off ssh access to a host?
Jordan Bettis
jordanb at hafd.org
Mon Nov 13 09:37:54 PST 2006
I've been getting tons and tons of login attempts
to my ssh server, with many different random
usernames "guest" etc. But also with smart(er)
usernames like root and news.
I just got several hundred login attempts against
root for instance in a single logcheck message.
Appearently this is just a worm? But it seems
to be smarter than any worm, as the variety of
usernames it uses and the number of attempts
it makes seem to be on the rise.
Of course they won't get in trying to use a
password against root or news, but it's filling
my logcheck messages and I really don't like the
idea of someone hammering on my ssh server day
in and day out.
ISTR a program that uses netfilter to automatically
block hosts that fail login to ssh x number of
times. It's not 'tripwire' though, which would
be the obvious, that does something entirely
different.
Does anyone know what that program is, as I
can not find it now in debian stable.
--
Jordan Bettis <http://www.hafd.org/~jordanb>
More information about the ufo
mailing list