[wplug] Re: reporting break-in attempts? (was: Any tips against
this kind of ssh break-in?)
Joe Topjian
joetopjian at gmail.com
Sun Jul 17 16:03:08 EDT 2005
> Well stated. I totally share your viewpoint. If somebody comes up with an
> idea that might work, I am behind it. Perhaps a petition to a congressman
> signed by members of WPLUG or "W PA user community"?
>
> Of course, this lack of action traces back to when congress did try to
> outlaw pornography. I bet that many of our members joined the chorus of
> "Don't go there, you are restricting our privacy". If you were a
> congressman, you wouldn't again lift a finger to help after that debacle. I
> guess the Internet community deserves what it gets in this respect.
I think Brady might have been talking about a more technical solution
rather than political. And if he was talking about a political
solution then I'm sorry for this email :)
Such a solution wouldn't be /too/ hard to implement. You would need 3
pieces: reporting, storage, retrieval.
Reporting could be a simple script that scans logs and reports
anything that has had x incorrect tries. You could then use something
(maybe xmlrpc?) to report the ips to a central host. As for
retrieval, I wouldn't restrict it to one software option (like
tcpwrappers or iptables syntax only) but maybe just download the list
of ipaddresses in plaintext in do what you want with them.
So, I guess it's possible.. but there are some downsides to it.. look
at email RBLs.. they can be good and bad at the same time.
Just my two cents :)
--
Joe Topjian
email: joetopjian at gmail.com
web: http://adminspotting.net
More information about the wplug
mailing list