On Mon, 2005-10-03 at 10:47 -0700, Alvin Oga wrote:

> <sticking my bloody toe into a hungry shark filled pond>
> if so, sshd is still responding to incoming ssh connection on other ports
> </toe>

One of my servers has been getting vast "free security audits" too. My
sshd allows only key logins, but still logs the connection attempts as a
failed login. Sometimes a bad password, sometimes a bad user, sometimes
a bad key. But always a failure and always on port 22.

I wrote a little shell script for cron that scans the ssh log every
minute for these failures, and has ipchains block the IP (with a
whitelist). The size of the ssh log has decreased by about 90%.

FWIW, the script the kiddies are using seems to go away after 3 failed
logins.

-- 
Glenn English
[EMAIL PROTECTED]
GPG ID: D0D7FF20
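
The scan-and-block loop described in the message, sketched as an added example; this is not the poster's script. It assumes OpenSSH-style log lines like the constructed sample, and the function names, file names and threshold of 2 are hypothetical. It prints the ipchains rules rather than running them.

```shell
# Added example, not the script from the post. Prints ipchains rules; runs none.
# Constructed sample log: OpenSSH-style messages, documentation-range addresses.
sample_log() {
cat <<'EOF'
Oct  3 10:40:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct  3 10:40:05 host sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 40119 ssh2
Oct  3 10:41:10 host sshd[1210]: Failed password for glenn from 198.51.100.20 port 51000 ssh2
Oct  3 10:41:12 host sshd[1212]: Accepted publickey for glenn from 192.0.2.10 port 51010 ssh2
Oct  3 10:42:00 host sshd[1220]: Failed password for root from 192.0.2.10 port 52000 ssh2
Oct  3 10:42:01 host sshd[1221]: Failed password for root from 192.0.2.10 port 52001 ssh2
Oct  3 10:43:00 host sshd[1230]: Invalid user a from 192.0.2.10 from 198.51.100.99
Oct  3 10:43:01 host sshd[1231]: Invalid user b from 192.0.2.10 from 198.51.100.99
EOF
}

# offenders THRESHOLD LOG SKIPFILE... -> addresses with >= THRESHOLD failure lines.
offenders() {
    max=$1; log=$2; shift 2
    awk -v max="$max" '
        FILENAME != ARGV[ARGC-1] { skip[$1] = 1; next }  # whitelist, already blocked
        /sshd\[[0-9]+\]: (Failed [^ ]+ for |(Invalid|Illegal) user )/ {
            # The user name comes from the remote side and may contain spaces,
            # so the address is read from the fixed tail of the line.
            if (match($0, /from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+( port [0-9]+ ssh2)?$/)) {
                split(substr($0, RSTART, RLENGTH), f, " ")
                if (!(f[2] in skip)) n[f[2]]++
            }
        }
        END { for (ip in n) if (n[ip] >= max) print ip }
    ' "$@" "$log" | sort
}

# block_cmds: addresses on stdin -> one ipchains rule per address on stdout.
block_cmds() {
    while read -r ip; do
        printf 'ipchains -A input -s %s -j DENY\n' "$ip"
    done
}

demo() {
    d=$(mktemp -d) || return 1
    sample_log > "$d/auth.log"
    echo 192.0.2.10 > "$d/whitelist"   # constructed: an address never to block
    : > "$d/blocked"                   # addresses handled on earlier runs
    offenders 2 "$d/auth.log" "$d/whitelist" "$d/blocked" |
        tee -a "$d/blocked" | block_cmds
    rm -rf "$d"
}
demo
```

The state file keeps a run every minute from adding the same rule again while the old lines are still in the log.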

