[unisog] step up in SSH scanning starting today?
John Ives
jives at security.berkeley.edu
Wed May 14 14:53:46 GMT 2008
Couples, Christopher wrote:
> As a side note, someone mentioned autoban to programmatically add brute-forcing hosts to hosts.deny; I'd also like to plug denyhosts, a python script that can also be found on sourceforge. Are there other tools that are widely in use, or are most folks simply rolling their own?
>
We rolled our own because we wanted to preemptively add the firewall
deny rules before the bad guys even get to their computer. By having
our own list of who is attacking the campus we enabled both preventative
and reactive (check logs for successful connections from known
attackers) options. Besides which, this doesn't exclude the use of
reactive scripts like autoban; in fact, on my own workstation, I use
OSSEC with an active-response script to block anything that gets past
our published list.
From an adoption perspective, it also helped that these IPs aren't just
attacking nameless hosts on the internet, they are actively attacking
the campus, which seemed to have grabbed our users' attention.
John
--
-------------------------------------------------------------------------
John Ives Phone (510) 642-7773
System & Network Security Cell (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------
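The reactive check mentioned in the message above (searching logs for successful connections from known attackers), as an added example that is not part of the original post or of Berkeley's own tooling. The list format, the addresses and the log lines are constructed, and the usual OpenSSH syslog line format is assumed.

```python
import ipaddress
import re

# Constructed sample of a published attacker list (documentation address ranges).
ATTACKER_LIST = """\
# one address or CIDR per line
203.0.113.45
198.51.100.0/28
"""

# Constructed sshd auth-log lines in the common OpenSSH syslog format.
AUTH_LOG = """\
May 14 06:01:12 host1 sshd[2211]: Failed password for root from 203.0.113.45 port 40112 ssh2
May 14 06:01:19 host1 sshd[2215]: Accepted password for backup from 203.0.113.45 port 40120 ssh2
May 14 06:30:02 host1 sshd[2302]: Accepted publickey for alice from 192.0.2.10 port 51514 ssh2
May 14 07:12:40 host2 sshd[911]: Accepted password for test from 198.51.100.7 port 33900 ssh2
"""

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def load_networks(text):
    """Parse the list, skipping blanks and comments; bare IPs become single-host networks."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def successful_logins_from_attackers(log_text, networks):
    """Return (timestamp, host, user, method, ip) for each accepted login from a listed source."""
    hits = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m is None:
            continue  # failed attempts and unrelated lines are not what this check looks for
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # hostname or malformed field; cannot be compared with the list
        if any(ip in net for net in networks):
            hits.append((m.group("ts"), m.group("host"), m.group("user"), m.group("method"), str(ip)))
    return hits

if __name__ == "__main__":
    print(successful_logins_from_attackers(AUTH_LOG, load_networks(ATTACKER_LIST)))
```

Each returned tuple is an account that accepted a login from a listed source and should be treated as a candidate compromise for follow-up.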