[svlug] Need a script that will add pwdfail IPs to shorewall blacklist

Breen Mullins bpm at idiom.com
Sat Nov 5 12:47:50 PST 2005

Previous message: [svlug] Need a script that will add pwdfail IPs to shorewall blacklist
Next message: [svlug] Need a script that will add pwdfail IPs to shorewall blacklist
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Nov 05, 2005 at 11:17:36AM -0800, David E. Fox wrote:
> I haven't run across something writing to that file, but I too had
> numerous failed attempts (ssh attacks) recently - these were logged
> into /var/log/auth.log. Doing some greps I found attempts from one or
> two places (whois pointed to somewhere in Korea) in the hundreds if not
> thousands of lines. These were looking for "typical" accounts on a
> system. 
> 

My current high-water mark for ssh attempts is 4444 from a single IP.

Attempts have dropped to almost nil since I put all of APNIC's /8s into 
/etc/sysconfig/iptables.

Breen
-- 
Breen Mullins
Menlo Park, California

Previous message: [svlug] Need a script that will add pwdfail IPs to shorewall blacklist
Next message: [svlug] Need a script that will add pwdfail IPs to shorewall blacklist
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the svlug mailing list