Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Gary Nichols <gary@...>
Subject: Re: help blocking automated ssh scanning attack script
Date: Sun, 7 Nov 2004 06:16:02 -0700 
Brian,

Is there a reason that you have to run ssh on the default port of 22?   
I haven't run ssh on port 22 in years due to all the menacing kiddies 
out there with their scripts.
I know this doesn't answer your question, but just a suggestion.

Gary


On Nov 7, 2004, at 6:10 AM, Brian G. Peterson wrote:

> Can anyone help me out with a simple log scanning script that could 
> detect the
> 'illegal user xxx' strings in /var/log/secure and issue the
> "/sbin/iptables -I INPUT -s 221.232.128.2 -j DROP" command to shut 
> these
> addresses down.


--
gentoo-security@g.o mailing list
Replies:
Re: help blocking automated ssh scanning attack script
-- Brian G. Peterson
References:
Trojan for Gentoo, part 2
-- Alexander Holler
Re: Trojan for Gentoo, part 2
-- Chris Frey
help blocking automated ssh scanning attack script
-- Brian G. Peterson
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
help blocking automated ssh scanning attack script
Next by thread:
Re: help blocking automated ssh scanning attack script
Previous by date:
help blocking automated ssh scanning attack script
Next by date:
Is anybody else worried about this? (was: Trojan for Gentoo, part 2)


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.