[Dshield] SSH threats

Don Wilder don.wilder at gmail.com
Mon Oct 1 18:28:34 GMT 2007


I use an iptables script setup that will add the ip address of someone
attempting to log into my servers with an invalid name or any of the common
services. The block list I have now has grown pretty large from all the
scans, but once in the blocked list they get cut off from all services.


On 10/1/07, Tomas L. Byrnes <tomb at byrneit.net> wrote:
>
> What are your thoughts on running a block list derived from the denyhosts
> network data on your firewall?
>
> I guess that the block list could be polluted by someone using the
> injection technique across a large number of hosts, but how likely is that?
>
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
> SANS top instructors.  http://www.sans.org/info/9346
>



-- 
---------------------------------------------
Don Wilder
Senior Analyst
---------------------------------------------

Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning.


More information about the list mailing list