[CentOS] One approach to dealing with SSH brute force attacks.
John Horne
john.horne at plymouth.ac.uk
Mon Feb 4 15:12:11 UTC 2008
On Wed, 2008-01-30 at 13:11 -0800, Bill Campbell wrote:
> On Wed, Jan 30, 2008, Brian Mathis wrote:
> ...
> >
> >Log parsing scripts often don't provide the immediacy that rate
> >limiting does when under attack. You'd have to run the script
> >constantly parsing logs, since most ssh scans come in bursts.
>
> We use swatch for this and other interesting events (e.g. NICs
> being put in promiscuous mode). It continually monitors one or
> more log files using gnu-tail in a perl script, and can do
> various things depending on a configuration file. It can send
> e-mail notifications and/or execute scripts which can do anything
> your heart desires.
>

Hello,

Do you have any specific swatch config lines for detecting ssh
brute-force attacks? If so would you care to share them? (off-list if
you prefer).

Likewise we use swatch for general log monitoring, and have it report
back anything unusual to our central monitoring system (Big Brother).

John.

--
---------------------------------------------------------------
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 233914
E-mail: John.Horne at plymouth.ac.uk
Fax: +44 (0)1752 233839