This morning, I woke up to find one of my systems under hacker attack
(considerable multiple attempts to log in to ftp, ssh, etc., mostly using
system accounts). I loaded ipfw and set up a couple of quick rules to block
the point of origin. Unfortunately, the address appears to be DHCP'ed, so I
expect the hacker will at some point get a new address, and start over.

        Rather than having to hang over my machine, is there any software out
there that will monitor logs (e.g. /var/log/messages), parse out failed logins
like this, and run an ipfw command to block it? Perhaps something can be done
via PAM? 

        An added extra bonus would be if it would unblock after some period
of time, in case a legit. user bungles their password, and can't get in
(saves the service call).

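A sketch of the kind of monitor asked about above, as an added example that is not part of the original post or of any existing tool: it counts sshd failed-password lines per source address, emits an `ipfw table` add once a threshold is reached, and a delete when the ban times out. The thresholds, the table number and the sample log lines are assumptions, and the code returns the commands instead of running them.

```python
import ipaddress
import re
from collections import defaultdict, deque

# OpenSSH failed-password line. Greedy ".*" plus "$" takes the LAST "from X port N",
# so a crafted user name containing " from <addr> port 1" cannot choose who gets blocked.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")
THRESHOLD, WINDOW, BAN_SECONDS = 5, 60, 600   # assumed policy: 5 failures in 60 s, 10 min ban
TABLE = 1   # assumed ipfw table, used by a rule like: ipfw add deny ip from 'table(1)' to any

class Blocker:
    def __init__(self):
        self.failures = defaultdict(deque)   # addr -> times of recent failures
        self.banned = {}                     # addr -> time the ban ends

    def expire(self, now):
        """Lift bans whose time is up, so a user who mistyped can get back in."""
        due = [a for a, end in self.banned.items() if end <= now]
        for a in due:
            del self.banned[a]
        return [f"ipfw table {TABLE} delete {a}" for a in due]

    def feed(self, now, line):
        """Handle one log line seen at time `now` (seconds); return ipfw commands to run."""
        cmds = self.expire(now)
        m = FAILED.search(line)
        try:   # only a parsed, normalised address ever reaches the ipfw command
            addr = str(ipaddress.ip_address(m.group(1))) if m else None
        except ValueError:
            addr = None
        if addr is None or addr in self.banned:
            return cmds
        q = self.failures[addr]
        q.append(now)
        while q[0] <= now - WINDOW:          # forget failures older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            self.banned[addr] = now + BAN_SECONDS
            del self.failures[addr]
            cmds.append(f"ipfw table {TABLE} add {addr}")
        return cmds

def run_sample():
    """Constructed log lines (documentation address), one failure every 5 seconds."""
    line = "Jan  1 06:00:{:02d} host sshd[811]: Failed password for root from 192.0.2.10 port 4021 ssh2"
    b, out = Blocker(), []
    for t in range(0, 30, 5):
        out += b.feed(t, line.format(t))
    return out + b.expire(700)               # the ban placed at t=20 ends at t=620
```

In a real deployment `now` would come from the clock as lines are read from the log, and each command would be run as an argument list, not through a shell.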