On Aug 8, 2006, at 10:40 PM, Andrew Lentvorski wrote:
> I'm seeing a lot of attempts like these:
>
> Aug 3 15:19:49 <4.6> mail sshd[19457]: Illegal user pcap from 164.100.28.85
>
> Is there any way to identify the brute forcing and block them?

I've been looking at DenyHosts: http://denyhosts.sf.net

It runs periodically from cron, checks your syslogs, and adjusts iptables rules.

There's also sshdfilter: http://www.csc.liv.ac.uk/~greg/sshdfilter/

That actually wraps sshd to intercept syslog messages in real-time and adjust iptables rules.

Not sure what to suggest if you're on another platform, though.

Gregory

--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B  keyserver: pgpkeys.mit.edu
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
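
Added example, not part of the original message and not code from DenyHosts or sshdfilter: a minimal sketch of the log-scanning approach described in the reply, run over constructed lines in the syslog format quoted above. The threshold, the allowlist parameter, the function names and the rule text are assumptions; the rules are only returned as strings, never executed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines; only the first one is quoted from the thread.
SAMPLE_LOG = """\
Aug 3 15:19:49 <4.6> mail sshd[19457]: Illegal user pcap from 164.100.28.85
Aug 3 15:19:52 <4.6> mail sshd[19460]: Illegal user admin from 164.100.28.85
Aug 3 15:19:55 <4.6> mail sshd[19463]: Illegal user test from 164.100.28.85
Aug 3 15:20:01 <4.6> mail sshd[19466]: Failed password for root from 164.100.28.85 port 4021 ssh2
Aug 3 15:21:10 <4.6> mail sshd[19470]: Illegal user bob from 192.0.2.10
Aug 3 15:22:30 <4.6> mail sshd[19475]: Accepted password for alice from 198.51.100.7 port 5122 ssh2
Aug 3 15:23:00 <4.6> mail sshd[19480]: Illegal user a from 198.51.100.7 from 203.0.113.9
Aug 3 15:23:05 <4.6> mail sshd[19481]: Illegal user x from not-an-ip
"""

# The user field is untrusted remote text, so the source address is anchored
# to the end of the line instead of taking the first "from <something>".
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Illegal user .* from (\S+)$"),
    re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$"),
]

def failed_sources(log_text):
    """Count failed sshd logins per source address."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line.rstrip())
            if not m:
                continue
            try:
                # Validate before the value can ever reach a firewall rule.
                counts[str(ipaddress.ip_address(m.group(1)))] += 1
            except ValueError:
                pass
            break
    return dict(counts)

def block_rules(log_text, threshold=3, allowlist=()):
    """Return iptables rule strings for IPv4 sources at or over the threshold."""
    rules = []
    for ip, n in sorted(failed_sources(log_text).items()):
        if n < threshold or ip in allowlist or ipaddress.ip_address(ip).version != 4:
            continue
        rules.append(f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(block_rules(SAMPLE_LOG)))
```

An allowlist of your own management addresses keeps a mistyped password from locking you out of the host.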
