It's not a big issue, but I'm wondering if there is a DNSBl that lists IPs that are engaging in brute force ssh attacks. And if there is such a list, is there a way to integrate that information into a firewall or sshd.

As I've said this really isn't a big issue for me, as the brute force attempts at sshd are nothing but an annoyance as I review logs.

The attacks that I'm seeing appear to be coordinated and distributed. That is, there will be one attempt on username "fred" from one IP immediately followed by an attempt on "freddy" from another IP followed by an attempt on "fredrick" from a third source and so on.



Jeffrey Goldberg              

_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to