martin f krafft <[EMAIL PROTECTED]> writes:

> Are there any distinctive marks in the SSH login attempt that one
> could filter on?

Yes, the SSH banner: my honeyd logs show that of all such attempts, 63%
use the banner 'SSH-2.0-windrone2', 35% use the banner
'SSH-2.0-libssh-0.1'.

-- 
  ,''`.
 : :' :        Romain Francoise <[EMAIL PROTECTED]>
 `. `'         http://people.debian.org/~rfrancoise/
   `-
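
Added example, not part of the original message: a Python tally of SSH client identification strings that flags the two banners named above. The `(source, raw banner)` record layout and the sample records are constructed for illustration and are not honeyd's log format.

```python
import re
from collections import Counter

# Banners named in the message above.
WATCHED = {"SSH-2.0-windrone2", "SSH-2.0-libssh-0.1"}

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# Lenient on softwareversion: real clients such as libssh-0.1 put '-' in it.
IDENT_RE = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x7e]+)(?: .*)?$")

def parse_ident(raw: bytes):
    """Return 'SSH-proto-software' (comments dropped), or None if not an SSH ident."""
    if len(raw) > 255:  # RFC 4253 caps the identification line at 255 bytes
        return None
    try:
        line = raw.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return None
    m = IDENT_RE.match(line)
    return f"SSH-{m['proto']}-{m['software']}" if m else None

def tally(records):
    """records: iterable of (src_ip, raw_banner_bytes).
    Returns (Counter of banners, set of sources using a watched banner, unparseable count)."""
    counts, flagged, bad = Counter(), set(), 0
    for src, raw in records:
        ident = parse_ident(raw)
        if ident is None:
            bad += 1
            continue
        counts[ident] += 1
        if ident in WATCHED:
            flagged.add(src)
    return counts, flagged, bad

# Constructed sample records (documentation-range addresses).
SAMPLE = [
    ("192.0.2.10", b"SSH-2.0-windrone2\r\n"),
    ("192.0.2.11", b"SSH-2.0-libssh-0.1\n"),
    ("198.51.100.7", b"SSH-2.0-OpenSSH_4.3 Debian\r\n"),
    ("192.0.2.10", b"SSH-2.0-windrone2\r\n"),
    ("203.0.113.5", b"GET / HTTP/1.0\r\n"),  # not SSH: counted as unparseable
]

if __name__ == "__main__":
    counts, flagged, bad = tally(SAMPLE)
    total = sum(counts.values())
    for banner, n in counts.most_common():
        mark = "*" if banner in WATCHED else " "
        print(f"{mark} {banner:24} {n:3} ({100 * n / total:.0f}%)")
    print("flagged sources:", sorted(flagged), "| unparseable:", bad)
```

The banner is chosen by the client and can be changed at will, so a match is a filtering hint rather than proof of origin.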

