[SlugLUG] War Stories
cerise at armory.com
Mon Jun 12 13:14:14 PDT 2006
Worth noting -- there's also snort.
-Phil/CERisE
On Mon, Jun 12, 2006 at 07:36:09AM -0700, squid wrote:
> >So, I had a -lot- of fun earlier today reading through my logfiles. It turns
> >out yesterday I was the subject of a massive brute-force attempt to break in
> >to my system. I took some appropriate steps and confirmed that the machines
> >that were doing the probing were part of a zombie-net.
>
> As the others said, denying root logins via sshd.conf is the easiest way. If it's a possibility, you can also use iptables to filter 22/tcp (ssh) to only the hosts that need to log in to your system. Take a look at logwatch; you can configure it to
> email you about everything going on with your box. It's pretty nifty.
>
> -paul
> paul at csumb.edu
>
> _______________________________________________
> Sluglug mailing list
> Sluglug at sluglug.ucsc.edu
> http://sluglug.ucsc.edu/cgi-bin/mailman/listinfo/sluglug
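
An added example, not part of any post in this thread: a small log summary of the kind the thread describes reading by hand, counting failed SSH password attempts per source and listing the sources that tried root. It assumes OpenSSH's "Failed password" syslog line format; the sample lines, addresses and the `summarize` helper are constructed for illustration, and it is not logwatch or snort.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Jun 11 03:12:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jun 11 03:12:03 host sshd[4103]: Failed password for root from 192.0.2.10 port 40115 ssh2
Jun 11 03:12:05 host sshd[4105]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Jun 11 03:12:09 host sshd[4110]: Failed password for invalid user test from 198.51.100.7 port 51200 ssh2
Jun 11 03:12:11 host sshd[4112]: Failed password for root from 198.51.100.7 port 51204 ssh2
Jun 11 08:30:44 host sshd[5200]: Accepted publickey for alice from 203.0.113.5 port 60022 ssh2
Jun 11 09:02:10 host sshd[5301]: Failed password for alice from 203.0.113.5 port 60100 ssh2
"""

# Matches both existing accounts and "invalid user NAME" attempts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (failure counts per source, sources at or over threshold,
    sources that attempted a root login)."""
    failures = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    noisy = sorted(ip for ip, n in failures.items() if n >= threshold)
    root_sources = sorted(ip for ip, u in users.items() if "root" in u)
    return failures, noisy, root_sources

if __name__ == "__main__":
    failures, noisy, root_sources = summarize(SAMPLE_LOG)
    for ip, n in failures.most_common():
        print(f"{ip}: {n} failed logins")
    print("at or over threshold:", noisy)
    print("tried root:", root_sources)
```

The sources it reports are candidates for the iptables filtering mentioned in the thread; a single failure from a known host, like the last sample line, stays below the threshold.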