Gentoo Archives: gentoo-user

From: Adam Carter <Adam.Carter@×××××××××.au>
To: "gentoo-user@l.g.o" <gentoo-user@l.g.o>
Subject: RE: [gentoo-user] Curious pattern in log files from ssh...
Date: Thu, 04 Dec 2008 22:51:05
Message-Id: 5602B0BD6D59AE4791BE83104940118D3C05D826@excprdmbxw002.optus.com.au
In Reply to: RE: [gentoo-user] Curious pattern in log files from ssh... by Adam Carter
> > Also take a note that there are no "known-compromised hosts"
>
> What about hosts listed in RBLs?
> http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists. It
> would be interesting to see how much correlation there is
> between ssh brute forcing bots and the contents of the various lists.

Maybe http://wiki.duskglow.com/tiki-index.php?page=Packetbl "PacketBL is a program that uses DNS blocklists to determine whether to accept or reject packets"

Used with dnsbl.ahbl.org "Aggregate zone, contains UCE/bulk email senders, open proxies, open relays, trojaned/infected machines, comment/trackback spammers"

would be a good solution.
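
The correlation asked about in this message can be measured from an sshd log. The sketch below is an added example, not part of the original post and not PacketBL's code: it extracts failed-login source addresses and checks each against a DNS blocklist. The zone `dnsbl.example.org`, the log lines and `fake_resolver` are constructed placeholders so the example runs offline.

```python
import re
import socket
from collections import Counter

# Constructed sample sshd log lines (not taken from the thread).
SAMPLE_LOG = """\
Dec  4 22:10:01 host sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 4101 ssh2
Dec  4 22:10:03 host sshd[1201]: Failed password for root from 192.0.2.10 port 4102 ssh2
Dec  4 22:11:40 host sshd[1210]: Failed password for invalid user test from 198.51.100.7 port 5111 ssh2
Dec  4 22:12:05 host sshd[1215]: Accepted publickey for adam from 203.0.113.5 port 6001 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def failed_sources(log_text):
    """Count failed-password attempts per source IPv4 address."""
    return Counter(m.group(1) for m in FAILED.finditer(log_text))

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed addresses resolve (by convention to 127.0.0.x); NXDOMAIN means unlisted."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False
    return answer.startswith("127.")

def correlate(log_text, zone, resolve=socket.gethostbyname):
    """Return (listed, unlisted) dicts mapping source IP to failed-attempt count."""
    listed, unlisted = {}, {}
    for ip, count in failed_sources(log_text).items():
        (listed if is_listed(ip, zone, resolve) else unlisted)[ip] = count
    return listed, unlisted

def fake_resolver(name):
    """Offline stand-in for DNS: only 192.0.2.10 is 'listed' in the constructed zone."""
    if name == "10.2.0.192.dnsbl.example.org":
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN")

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG, "dnsbl.example.org", fake_resolver))
```

To query a live list, call `correlate` with that list's zone and leave `resolve` at its default.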