[SGVLUG] ssh breakins

Greg Stark gstark at electrorent.com
Fri Aug 4 09:10:43 PDT 2006


James,
What flavor of Linux are you using?  

>I wrote a script that went through and pulled out the IP addresses from
>the log files and added them to my iptables drop list.  I also
>researched some of them, with the help of WHOIS from Network Solutions
>web pages, and found the ones coming from eastern Europe and Asia.  I
>banned entire subnets (some */7) from ever getting to my network again. 

Would you mind posting a copy of your script?  I'd be interested in seeing
how you are doing it.

>I always thought it would be fun to write a script (somehow trigger it
>by the ssh daemon upon receiving a failed login attempt) that would
>automatically portscan and DoS on the offending client. 

How about an hourly CRON job like WEBILIZER to process the log?

Greg
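For the log-processing half of what James describes (pull the source addresses of failed sshd logins out of the log, feed them to an iptables drop list from an hourly cron job), here is an added example sketch; it is not James's script and not Greg's, and the log lines, threshold and host name are constructed.

```sh
#!/bin/sh
# Hypothetical hourly cron job: count failed sshd password attempts per source
# IP and emit iptables DROP rules for any address at or over a threshold.
# Assumes classic syslog lines from OpenSSH (IPv4 only; adjust the sed for IPv6).

# Constructed sample log for testing (not from any real host).
SAMPLE_LOG=$(cat <<'EOF'
Aug  4 08:01:12 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
Aug  4 08:01:15 host sshd[1235]: Failed password for root from 203.0.113.5 port 4023 ssh2
Aug  4 08:02:00 host sshd[1236]: Failed password for invalid user test from 203.0.113.5 port 4030 ssh2
Aug  4 08:05:41 host sshd[1240]: Failed password for james from 192.0.2.10 port 51000 ssh2
Aug  4 08:06:02 host sshd[1241]: Accepted password for james from 192.0.2.10 port 51001 ssh2
Aug  4 08:10:30 host sshd[1250]: Failed password for invalid user oracle from 198.51.100.7 port 3300 ssh2
Aug  4 08:10:31 host sshd[1251]: Failed password for invalid user oracle from 198.51.100.7 port 3301 ssh2
Aug  4 08:10:32 host sshd[1252]: Failed password for invalid user oracle from 198.51.100.7 port 3302 ssh2
EOF
)

# failed_ssh_ips THRESHOLD   (log on stdin)
# Prints "count ip", sorted by ip, for each source with >= THRESHOLD failures.
failed_ssh_ips() {
    threshold="$1"
    grep 'sshd\[[0-9]*\]: Failed password for' \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c \
      | awk -v t="$threshold" '$1 >= t { print $1, $2 }' \
      | sort -k2
}

# drop_rules THRESHOLD   (log on stdin)
# Prints the iptables commands rather than running them, so the list can be
# reviewed (and your own addresses allowlisted) before piping it to sh.
drop_rules() {
    failed_ssh_ips "$1" | awk '{ printf "iptables -A INPUT -s %s -j DROP\n", $2 }'
}

# Example run against the constructed log: 203.0.113.5 and 198.51.100.7 each
# have three failures and get a rule; 192.0.2.10 (one failure) does not.
printf '%s\n' "$SAMPLE_LOG" | drop_rules 3
```

In a real cron job, replace the sample with `< /var/log/auth.log` (or wherever your distribution logs sshd) and keep a short allowlist so a mistyped password from your own workstation never locks you out.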