Most days I get script kiddies working on my MS FTP servers with dictionary attacks. Zenoss flags these multiple failed login attempts really well. My question is, is there a way to get the IP address the attacker is coming from into the event?

Currently I see the events on Zenoss and I log into the server, open the log files and get the IP address so that I can manually block them. In a perfect world, I would have the IP address in Zenoss and could script something to do the block automatically. A step back from that would be that I still manually do the block but at least the IP address is right there in Zenoss. Eventually we will put Cisco ASAs online which will hopefully eliminate much of this requirement but, for now, I am hoping that someone can point me in the correct direction.

Thanks;
James

James Alspach
Systems Applications Technician
Shasta County Office of Education
1644 Magnolia Avenue
Redding, California 96003
[EMAIL PROTECTED]
(530) 225-0293
IT Hotline: 225-0279
[EMAIL PROTECTED]
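
Added example, not part of the original message and not Zenoss or Microsoft code: a script for the manual step described above, pulling the source IPs of repeated failed logins out of an FTP log. It assumes the FTP service logs in W3C extended format with a `#Fields:` header that includes `c-ip`, `cs-method` and `sc-status`; the log lines, the function names and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log (assumed W3C extended layout; addresses are documentation ranges).
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
00:10:01 203.0.113.45 [7]USER administrator 331
00:10:01 203.0.113.45 [7]PASS - 530
00:10:02 203.0.113.45 [8]USER admin 331
00:10:02 203.0.113.45 [8]PASS - 530
00:10:03 203.0.113.45 [9]USER ftp 331
00:10:03 203.0.113.45 [9]PASS - 530
00:11:40 198.51.100.7 [10]USER jsmith 331
00:11:41 198.51.100.7 [10]PASS - 530
00:11:50 198.51.100.7 [11]USER jsmith 331
00:11:52 198.51.100.7 [11]PASS - 230
00:12:00 192.0.2.20 [12]PASS
"""

def failed_logins_by_ip(log_text):
    """Count failed logins (PASS answered with FTP reply 530) per client IP."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # The header can reappear mid-file, so re-read the column order each time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record, skip it
        rec = dict(zip(fields, values))
        # Drop a leading session marker such as "[7]" before comparing the command.
        method = re.sub(r"^\[\d+\]", "", rec.get("cs-method", "")).upper()
        if method == "PASS" and rec.get("sc-status") == "530":
            counts[rec.get("c-ip", "unknown")] += 1
    return counts

def offenders(log_text, threshold=3):
    """Return the IPs with at least `threshold` failed logins, sorted."""
    hits = failed_logins_by_ip(log_text)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(ip)  # candidate addresses to review before blocking
```

The threshold keeps a user who mistypes a password once (198.51.100.7 in the sample) off the list.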
