Hello, I noticed that someone from a certain ip address has attempted to login as root at least 8 times within 48 seconds. According to the way I have DenyHosts configured this shouldn't have happened. Here are the relavent settings as well as the log data.
DENY_THRESHOLD_ROOT = 1 DAEMON_SLEEP = 5s Jun 28 07:52:02 hachiroku sshd[4863]: Failed password for root from 221.10.27.26 port 45696 ssh2 Jun 28 07:52:08 hachiroku sshd[4867]: Failed password for root from 221.10.27.26 port 46639 ssh2 Jun 28 07:52:15 hachiroku sshd[4871]: Failed password for root from 221.10.27.26 port 47432 ssh2 Jun 28 07:52:22 hachiroku sshd[4875]: Failed password for root from 221.10.27.26 port 48001 ssh2 Jun 28 07:52:29 hachiroku sshd[4879]: Failed password for root from 221.10.27.26 port 48889 ssh2 Jun 28 07:52:35 hachiroku sshd[4883]: Failed password for root from 221.10.27.26 port 49788 ssh2 Jun 28 07:52:43 hachiroku sshd[4887]: Failed password for root from 221.10.27.26 port 50453 ssh2 Jun 28 07:52:50 hachiroku sshd[4891]: Failed password for root from 221.10.27.26 port 51247 ssh2 DenyHosts (v2.5) is indeed working (it's blocked a number of hosts already) and it's running in daemon mode (with synching). Also, this would be a really great util for a perimiter router. Is there anything like that available? Thanks, Chris. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
