Hi List,
Like anybody on the net I have these problems too, and was bored with
scrolling the endless logs. So I decided to put an end to it. Here is
a (rather small but effective and a bit blunt) script to put a stop to
this annoying behaviour ;-p
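
#!/bin/bash
# Follow the Solaris syslog and feed ipf a block rule for every
# "Invalid user" line; $NF (the last field) is the source address.
tail -0f /var/adm/messages | while read -r line; do
  echo "$line" |
    awk '/Invalid user/ {printf("block in quick on bge1 proto tcp from %s to any port = 22 keep state\n", $NF)}' |
    ipf -f -
done
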
As you all can see, this is for a Solaris 10 box (ipf). If you want to
make it work for Linux you could do something like this:
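
# Linux/iptables variant: cut -b 8- drops the first 7 bytes of the
# logged address before it is handed to iptables.
tail -0f /var/log/messages | while read -r line; do
  echo "$line" | awk '/Invalid user/ {print $NF}' | cut -b 8- |
    xargs -I {} iptables -A INPUT -p tcp -m multiport --destination-ports 22 -s {} -j DROP
done
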
I know there are better ways to script this but hey, it's quick and it
works for me so perhaps it's useful for you guys/girls too :-)
Rgds
Dax Hoes
On 3 Mar 2006 05:14:44 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I have many SSH scans in my large academic network. IMO scanning hosts are
> Windows zombies.
>
> /p
>
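
Added example, not part of the original post or thread: a variant of the Linux one-liner above that validates the extracted address and emits each rule only once, after a threshold of failures. The names emit_block_rules, sample_rules, THRESHOLD and SAMPLE_LOG are hypothetical, and it assumes log lines of the form "sshd[PID]: Invalid user NAME from ADDR", optionally with an ::ffff: prefix or a trailing "port N".

```bash
#!/bin/bash
# Added example (not from the original post). Reads syslog lines on stdin and
# prints iptables rules; nothing is executed until the output is piped to sh.
THRESHOLD=3   # assumed: failures from one source before a rule is emitted

emit_block_rules() {
  awk -v limit="$THRESHOLD" '
    /sshd\[[0-9]+\]: Invalid user / {
      # Use the field after the last "from" rather than $NF, so sshd lines
      # that end in "port N" still yield the address.
      ip = ""
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      sub(/^::ffff:/, "", ip)    # assumed IPv4-mapped prefix in the log
      # Only a dotted quad with octets 0-255 may reach the firewall command.
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      split(ip, o, ".")
      for (k = 1; k <= 4; k++) if (length(o[k]) > 3 || o[k] + 0 > 255) next
      # Emit exactly once per source, when it reaches the threshold.
      if (++hits[ip] == limit) {
        printf "iptables -A INPUT -p tcp --dport 22 -s %s -j DROP\n", ip
        fflush()                 # keep output timely when fed by tail -f
      }
    }'
}

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG='Mar  3 05:10:01 host sshd[1201]: Invalid user admin from 192.0.2.10
Mar  3 05:10:02 host sshd[1202]: Invalid user test from 192.0.2.10
Mar  3 05:10:03 host sshd[1203]: Invalid user guest from ::ffff:198.51.100.7
Mar  3 05:10:04 host sshd[1204]: Invalid user oracle from 192.0.2.10
Mar  3 05:10:05 host sshd[1205]: Invalid user root1 from 192.0.2.10
Mar  3 05:10:06 host sshd[1206]: Invalid user web from 203.0.113.5 port 4242
Mar  3 05:10:07 host sshd[1207]: Invalid user web from 203.0.113.5 port 4243
Mar  3 05:10:08 host sshd[1208]: Invalid user web from 203.0.113.5 port 4244
Mar  3 05:10:09 host sshd[1209]: Invalid user x from 999.1.1.1
Mar  3 05:10:10 host sshd[1210]: Invalid user x from 999.1.1.1
Mar  3 05:10:11 host sshd[1211]: Invalid user x from 999.1.1.1
Mar  3 05:10:12 host ftpd[1300]: Invalid user line from another daemon 192.0.2.99'

sample_rules() { printf '%s\n' "$SAMPLE_LOG" | emit_block_rules; }
```

On a live box the function would be fed by tail -0f /var/log/messages, with its output reviewed before being handed to a root shell.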