Igor wrote:
Hello people,

I guess all servers with ssh enabled on the default port have problems with
brute force.. and it isn't different on my server :)

And after a lot of failed tries my "system.log" gets corrupted, like:

[EMAIL PROTECTED] ~]# tail -n3 /var/log/system.log
Aug 30 15:44:22 bzrouter01 sshd[58326]: Invalid user guest from 200.128.80.174
Aug 30 15:44:22 bzrouter01 sshd[58326]: Failed password for invalid
user guest from 200.128.80.174 port 56056 ssh2
Aug 30 15:44:22 bzrouter01 sshd[58328]: Invalid user master from
200.128.CLOG?S|[EMAIL PROTECTED] ~]#

I have two questions:

1) Is there a simple way to detect and block brute force? I read
somewhere to use snort... and I've installed it and I guess it is
configured correctly, but it doesn't block anyone.

2) Is this error in "system.log" normal?

Thanks in advance

Igor Macedo

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Hi Igor,

I'm using fail2ban on my Linux boxes at present. You can find it at fail2ban.org

It watches the auth facility of the syslog for given regex matches and blocks them via pf or iptables.

Maybe that's something for you.

Kind regards

Christian

( [EMAIL PROTECTED] ) not real, don't use.
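
The log-watching approach described in the reply above, as an added example that is not part of the original thread and is not fail2ban's own code: it matches sshd failure lines, counts them per source address inside a time window, and skips truncated lines like the corrupted one in the quoted system.log. The function name, the maxretry/findtime parameters, the year default and the sample log are assumptions constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input, modelled on the log lines quoted in this thread.
# The last line is cut off mid-address, like the corrupted entry above.
SAMPLE_LOG = """\
Aug 30 15:44:20 bzrouter01 sshd[58320]: Invalid user admin from 200.128.80.174
Aug 30 15:44:21 bzrouter01 sshd[58322]: Failed password for invalid user admin from 200.128.80.174 port 56050 ssh2
Aug 30 15:44:22 bzrouter01 sshd[58326]: Invalid user guest from 200.128.80.174
Aug 30 15:44:22 bzrouter01 sshd[58326]: Failed password for invalid user guest from 200.128.80.174 port 56056 ssh2
Aug 30 15:44:22 bzrouter01 sshd[58327]: Accepted publickey for igor from 192.0.2.10 port 40000 ssh2
Aug 30 15:44:22 bzrouter01 sshd[58328]: Invalid user master from 200.128.CLOG?S|
"""

# Anchored at both ends: the address is the last " from <addr>" on the line,
# so text inside the (attacker-chosen) user name cannot stand in for it.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Invalid user|Failed password for) .* from (?P<addr>\S+)(?: port \d+ ssh2)?$"
)

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2000):
    """Return addresses with at least maxretry failures within findtime."""
    recent = defaultdict(deque)   # address -> timestamps of recent failures
    offenders = []
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue
        try:
            addr = str(ipaddress.ip_address(m["addr"]))
        except ValueError:
            continue  # truncated or garbled address: never pass it to a firewall
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[addr]
        hits.append(when)
        while when - hits[0] > findtime:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= maxretry and addr not in offenders:
            offenders.append(addr)
    return offenders

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG.splitlines()))
```

The returned addresses are what a blocking step would hand to pf or iptables; validating each one with `ipaddress` first keeps a half-written log line from ever reaching a firewall rule.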
