Re: [sec] Re: failed root login attempts

2004-09-20 Thread maximilian attems
On Sun, 19 Sep 2004, martin f krafft wrote: > also sprach Noah Meyerhans <[EMAIL PROTECTED]> [2004.09.19.2219 +0200]: > > As an additional point against these scripts, they are host based. > > If I'm going to bother blackholing the source of these login > > attempts, I'm going to do it at the bord

Re: failed root login attempts [SCANNED]

2004-09-20 Thread Ryan Carter
David Thurman wrote: | On 9/19/04 1:30 PM, "martin f krafft" wrote: | | |>Other than blacklisting the IPs (which is a race I am going to |>lose), what are people doing? Are there any distinctive marks in the |>SSH login attempt that one could filter on?

Re: failed root login attempts

2004-09-20 Thread Stephen Frost
* Noah Meyerhans ([EMAIL PROTECTED]) wrote: > As an additional point against these scripts, they are host based. If > I'm going to bother blackholing the source of these login attempts, I'm > going to do it at the border. Yes, I can write scripts to react to this > kind of scanning and have it au

Re: Debian Hardened project (question about use of the "Debian" trademark)

2004-09-20 Thread Steve Kemp
On Sat, Sep 18, 2004 at 01:51:53PM +0200, Lorenzo Hernandez Garcia-Hierro wrote: > - We put first the patched GCC & Glibc packages (Steve, your 2 cents :D) > - We send an advice to the mailing-lists, we write a little "guideline" > for new development way, telling what the developer needs (and wha

Re: failed root login attempts [SCANNED]

2004-09-20 Thread David Thurman
On 9/19/04 1:30 PM, "martin f krafft" wrote: > Other than blacklisting the IPs (which is a race I am going to > lose), what are people doing? Are there any distinctive marks in the > SSH login attempt that one could filter on? We are using our hosts.deny files to stop all ssh attempts from ALL IP

Re: failed root login attempts

2004-09-20 Thread martin f krafft
also sprach Arthur de Jong <[EMAIL PROTECTED]> [2004.09.20.1201 +0200]: > sshd[21195]: debug1: no match: libssh-0.1 I wonder whether sshd could be somehow made to just ignore when the banner does not match. > I'm not particularly worried since I have PermitRootLogin > without-password in /etc/ssh

Re: failed root login attempts

2004-09-20 Thread Arthur de Jong
On Sun, 19 Sep 2004, martin f krafft wrote: > Are there any distinctive marks in the SSH login attempt that one could > filter on? The volume in attempts isn't as high here as on your system but this is what I got when I set loglevel to debug: sshd[