Re: repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-04-02 Thread Peter N. M. Hansteen
Nathan Vidican [EMAIL PROTECTED] writes: ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny all attempts and drop connection from said IP... possible? using pf, this is astoundingly easy, see eg http://www.bgnett.no/~peter/pf/en/bruteforce.html If you go down

repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-03-31 Thread Nathan Vidican
Noted recently in auth.log, a string of connection attempts repeated/failed over and over from one host - looks like a script someone's running, tries all kinds of various usernames, etc... attempts like 100-200 logins, fails and goes away. Few hours go by, and another such attempt, from a

Re: repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-03-31 Thread Pat Maddox
Disable password-based logins (use keys instead), move SSH to another port, or install some kind of brute force monitor. First two options are the best, but if for some reason you need to keep it on 22 and password-based logins then look to a BF monitor. Just make sure you actually need it..and

Re: repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-03-31 Thread albi
Nathan Vidican wrote: Noted recently in auth.log, a string of connection attempts repeated/failed over and over from one host - looks like a script someone's running, tries all kinds of various usernames, etc... attempts like 100-200 logins, fails and goes away. Few hours go by, and another

Re: repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-03-31 Thread Bob Johnson
On 3/31/06, Nathan Vidican [EMAIL PROTECTED] wrote: Noted recently in auth.log, a string of connection attempts repeated/failed over and over from one host - looks like a script someone's running, tries all kinds of various usernames, etc... attempts like 100-200 logins, fails and goes away.

RE: repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-03-31 Thread fbsd_user
Vidican Sent: Friday, March 31, 2006 8:43 AM To: [EMAIL PROTECTED] Subject: repeated ssh login attempts/failure/break-in attempts from kiddy script Noted recently in auth.log, a string of connection attempts repeated/failed over and over from one host - looks like a script someone's running, tries

Re: repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-03-31 Thread Paul Schmehl
--On Friday, March 31, 2006 08:42:30 -0500 Nathan Vidican [EMAIL PROTECTED] wrote: Noted recently in auth.log, a string of connection attempts repeated/failed over and over from one host - looks like a script someone's running, tries all kinds of various usernames, etc... attempts like 100-200

Re: repeated ssh login attempts/failure/break-in attempts from kiddy script

2006-03-31 Thread J65nko
On 3/31/06, Nathan Vidican [EMAIL PROTECTED] wrote: Noted recently in auth.log, a string of connection attempts repeated/failed over and over from one host - looks like a script someone's running, tries all kinds of various usernames, etc... attempts like 100-200 logins, fails and goes