[gentoo-security] port knocking

2005-10-11 Thread boger
This is the result of last week's discussion about port knockers. It's my second bash script (first is my firewall), so any feedback will be appreciated ;) usage: ./knocker.sh del Path to config file is constant in knocker.sh. del - is optional, simply deletes target chain script has no limits on

[gentoo-security] Re: hackers

2005-10-11 Thread Noah K Tilton
sorry, does anyone know how to copy/paste in elinks?? I always screw it up when I type it in. http://transplant.dyndns.org/sv/strange_vagaries_codex/rubysyslog-ng-qmail-inject-handler/ I did it slower this time, let's see... On 10/11/05, Robert Larson <[EMAIL PROTECTED]> wrote: > On Tuesday 11 O

Re: [gentoo-security] Re: hackers

2005-10-11 Thread Robert Larson
On Tuesday 11 October 2005 10:52 am, Noah K Tilton wrote: > http://transplant.dyndns.org/sv/strange_vagaries_codex/rubysyslog-ng-qmail- >inject-handler/ > > /NKT I can't seem to get this URL to work, I get a 404 error... Regards, Robert -- gentoo-security@gentoo.org mailing list

[gentoo-security] Re: hackers

2005-10-11 Thread Noah K Tilton
On 10/11/05, Erik Anderson <[EMAIL PROTECTED]> wrote: > On 10/11/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > I have a question: > > > > Is there an application/program which can send an email whenever this > > ssh attack happens? > > You've already received a few other suggestions, but

Re: [gentoo-security] hackers

2005-10-11 Thread Erik Anderson
On 10/11/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > I have a question: > > Is there an application/program which can send an email whenever this > ssh attack happens? You've already received a few other suggestions, but I thought I'd throw my personal favorite into the mix: http://denyho

Re: [gentoo-security] hackers

2005-10-11 Thread Elisamuel Resto
fail2ban is not on the Portage tree, you need to install it manually or via an ebuild on an overlay, this was discussed in another thread in this mailing list. As per another discussion in this list, what you have to do is: - create a local overlay: /usr/local/portage and then net-firewall/fail2ban

Re: [gentoo-security] hackers

2005-10-11 Thread Dark
For the task of banning people trying to force their way into my server I use the following combination: portsentry + logwatch (and a bit of iptables to restrict access to certain servers to certain clients). portsentry will monitor certain ports and check for known attacks (the SSH attack a

Re: [gentoo-security] hackers

2005-10-11 Thread woody
Jochen Maes wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey all, ok one of my servers I keep on getting one iprange that tries to login through ssh (200-300) attempts with other usernames. This is probably a script that's being run all the time, but the isp doesn't mind, I already se

Re: [gentoo-security] hackers

2005-10-11 Thread Kurt Lieber
On Tue, Oct 11, 2005 at 08:21:39AM -0400 or thereabouts, [EMAIL PROTECTED] wrote: > Is there an application/program which can send an email whenever this > ssh attack happens? Yes, Tenshi does exactly that. http://www.gentoo.org/proj/en/infrastructure/tenshi/ We use it to receive summaries of al

Re: [gentoo-security] hackers

2005-10-11 Thread Oliver Schad
[EMAIL PROTECTED] wrote: > > I have a question: > > Is there an application/program which can send an email whenever this > ssh attack happens? Yes, you need grep, mail, wc and a counter. But you don't want to do this. I count round about 65000 failed login attempts in the last 6 months. > A few mont

RE: [gentoo-security] hackers

2005-10-11 Thread Sean Cook
Yes, you can set up triggers in syslog-ng that will trigger based on failed ssh login attempts.   filter f_ssh_login_attempt {     program("sshd.*")     and match("(Failed|Accepted)")     and not match("Accepted (hostbased|publickey) for (root|zoneaxfr) from (10.4.3.1)");

Re: [gentoo-security] hackers

2005-10-11 Thread Chris Smart
[EMAIL PROTECTED] wrote: A few months ago I got 300 attempts which made me close ssh port and stop using it for a while. Why not change the external port to something other than 22? Most of these attempts are scripts and only check the default port. -c Thanks Alfredito -- gentoo-secur

Re: [gentoo-security] hackers

2005-10-11 Thread APerez
I have a question: Is there an application/program which can send an email whenever this ssh attack happens? A few months ago I got 300 attempts which made me close ssh port and stop using it for a while. Thanks Alfredito   Jochen Maes <[EMAIL PROTECTED]> 10/10/2005 05:52 AM Please re

Re: [gentoo-security] If your interested

2005-10-11 Thread Christophe Garault
Danny wrote: I don't see it in portage, is it under a different name? I'm really sorry for that Danny, it's my mistake. Portage is so incredibly powerful I thought fail2ban was in it. ;) In fact I didn't remember that it is in my overlay as Chris mentioned. So what you have to do is: