Note to LEAF users on ssh logins

Garance A Drosihn drosih at rpi.edu
Thu Mar 3 15:01:21 PST 2005


At 7:23 PM -0800 3/2/05, Matthew Dillon wrote:
    Leaf and, in fact, all of my machines which have open ssh
    ports are getting random hack attempts, about 20-30 a day in
    short bursts, usually from a different IP address each day.

    I am rather disquieted by the continuous attempts so I have
    written and intalled a little program to monitor the syslog
    which will automatically block failed password or illegal
    user login attempts.
A friend of mind recently wrote something similar, using perl.
His was written for FreeBSD and ipfw, but would be easy to
adapt.  The main difference is that his setup supports the
idea that these ipfw rules should expire after awhile.
http://www.chrismasto.com/software/ssh_ipfw/

I haven't used this at all, but a few of my friends have been
using it for a few weeks, so it might be interesting to look at.
--
Garance Alistair Drosehn            =   gad at xxxxxxxxxxxxxxxxxxxx
Senior Systems Programmer           or  gad at xxxxxxxxxxx
Rensselaer Polytechnic Institute    or  drosih at xxxxxxx




More information about the Users mailing list