On Wed, 29 Sep 2004 16:10:58 -0400 Nicolas <[EMAIL PROTECTED]> wrote:
> > > So, my question is this. Is there a way to tell ssh to refuse > > connections from an ip address after a certain number of failed > > login attempts, or is snort the only way to do something like this? > > So far I've been taking the manual approach, blocking the ip address > > with my firewall after I see it hitting the logs, but that can give > > them about an hour to play before I notice it (e-mailed to me by > > logcheck). > > > > Any suggestions? > > If you dont have to much user who log in your server, you can allow > only them from specific IP to log in. Or you can disable the password > facility and only use keys (we do it this way at the job, It's also > what I do at home). That would work for the server that's currently having problems, but not all of my servers, unfortunately. > Nic Cola > > P.S. > Just for the fun of it, you can also tarpit the IP of the script > kiddy ;o) I'd love to, but I need a way to automate it to make it practical. I'm noticing that very few of these attempts are coming from cable or dsl users. Most of them seem to be coming from some remote machine inside a large webhosting company. I haven't been able to determine if the box was taken over by crackers or the users are abusing it; though my guess is crackers. Either way they're a pest. Thanks, Jacob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
