Gentoo Archives: gentoo-security

From:	Gary Nichols <gary@××××××××××.org>
To:	gentoo-security@l.g.o
Subject:	Re: [gentoo-security] help blocking automated ssh scanning attack script
Date:	Sun, 07 Nov 2004 13:17:42
Message-Id:	`2C179793-30BF-11D9-915D-000A95C1BF32@linuxforce.org`
In Reply to:	[gentoo-security] help blocking automated ssh scanning attack script by "Brian G. Peterson"

1	Brian,
2
3	Is there a reason that you have to run ssh on the default port of 22?
4	I haven't run ssh on port 22 in years due to all the menacing kiddies
5	out there with their scripts.
6	I know this doesn't answer your question, but just a suggestion.
7
8	Gary
9
10
11	On Nov 7, 2004, at 6:10 AM, Brian G. Peterson wrote:
12
13	> Can anyone help me out with a simple log scanning script that could
14	> detect the
15	> 'illegal user xxx' strings in /var/log/secure and issue the
16	> "/sbin/iptables -I INPUT -s 221.232.128.2 -j DROP" command to shut
17	> these
18	> addresses down.
19
20
21	--
22	gentoo-security@g.o mailing list

Subject	Author
Re: [gentoo-security] help blocking automated ssh scanning attack script	"Brian G. Peterson" <brian@×××××××××.com>