[Dshield] SSH threats
Tomas L. Byrnes
tomb at byrneit.net
Tue Oct 2 02:20:39 GMT 2007
How do you handle the "scorched earth" problem? Many attacking IPs are
dynamic.
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Don Wilder
> Sent: Monday, October 01, 2007 11:29 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] SSH threats
>
> I use an iptables script setup that will add the ip address
> of someone attempting to log into my servers with an invalid
> name or any of the common services. The block list I have now
> has grown pretty large from all the scans, but once in the
> blocked list they get cut off from all services.
>
>
> On 10/1/07, Tomas L. Byrnes <tomb at byrneit.net> wrote:
> >
> > What are your thoughts on running a block list derived from the
> > denyhosts network data on your firewall?
> >
> > I guess that the block list could be polluted by someone using the
> > injection technique across a large number of hosts, but how
> likely is that?
> >
> > _________________________________________
> > SANS Network Security 2007 in Las Vegas September 22-30. 39
> courses,
> > SANS top instructors. http://www.sans.org/info/9346
> >
>
>
>
> --
> ---------------------------------------------
> Don Wilder
> Senior Analyst
> ---------------------------------------------
>
> Programming today is a race between software engineers
> striving to build bigger and better idiot-proof programs, and
> the Universe trying to produce bigger and better idiots. So
> far, the Universe is winning.
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39
> courses, SANS top instructors. http://www.sans.org/info/9346
>
More information about the list
mailing list