[wplug] lousy european crackers
Patrick Wagstrom
pwagstro at andrew.cmu.edu
Mon Sep 27 12:58:12 EDT 2004
Sounds like you're a perfect candidate for portsentry and logsentry from
Psionic. These fellows work together with IPTables to lock down your
computer. I used them on my server with a good degree of success. The
downside is that if you're not careful you'll end up locking yourself
out.
Unfortunately, Psionic got bought out by the man (Cisco). I think there
is a open source version on SourceForge under the name "sentrytools".
--Patrick
On Mon, 2004-09-27 at 12:18, Brandon Kuczenski wrote:
> Lately I've been getting numerous (i.e. >20) attempted logins from such
> accounts as root, daemon, www, news, uucp, etc from the same IP address on
> any given day (though the IP address changes from day to day). Is anyone
> aware of a configuration option for sshd that will freeze out a given IP
> address after a specified number of failed logins? Barring that, is there
> another way to achieve the same effect?
>
> FWIW, none of the non-user accounts, including root, are permitted to
> login over ssh.
>
> -Brandon
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
More information about the wplug
mailing list