[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: ssh scans
On Mon 26 Oct 2009 at 12:42:57 -0700, David Wetzel wrote:
> I am seeing a lot of ssh scans and I am wondering if somebody has a
> solution like adding the bad hosts temporary to pf.conf or so?
I use pam_af, which hooks into PAM. It is in pkgsrc: security/pam-af.
It blocks IP addresses that try (and fail) more than N logins in M
seconds for O time.
The bad guys try to get around this, however. I have seen login attempts
with fairly consistent interval from all kinds of different sources.
That clearly was coordinated, since the interval alwas was between 1 and
I wish sshd would log passwords in these cases. I'm quite interested in
knowing which passwords they try.
___ Olaf 'Rhialto' Seibert -- You author it, and I'll reader it.
\X/ rhialto/at/xs4all.nl -- Cetero censeo "authored" delendum esse.
Main Index |
Thread Index |