Hi yah, Can anyone tell me how to stop this idiot from scanning the servers, have changed the port of ssh a while back so I'm not fussed about the port 22 scan and portsentry and IP Chains are doing their thing. But this is happening nearly every day now, has anyone else seen scans from this source...
Portsentry had an alert to ns.xxxxxxxxxxxxxxx.com from the following IP address and port: 211.174.38.152 22 < ------ This IP Changes all the time Service: ssh 22/tcp SSH Remote Login Protocol ssh 22/udp SSH Remote Login Protocol # Si Becker <[EMAIL PROTECTED]> <------- This is constant as is the ports being scanned The other thing is there a script or method of cleaning the host.deny file after a certain amount of days - the deny file is starting to get a bit big now and I think I can recollect someone mentioning there was problems after a certain amount of IP's got listed...could have picked that up wrong though :> Hope everyone had a pleasant Xmas Regards form Auckland Chae _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
