[Dshield] SSH threats

Tomas L. Byrnes tomb at byrneit.net
Tue Oct 2 02:20:39 GMT 2007


How do you handle the "scorched earth" problem? Many attacking IPs are
dynamic.

 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Don Wilder
> Sent: Monday, October 01, 2007 11:29 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] SSH threats
> 
> I use an iptables script setup that will add the ip address 
> of someone attempting to log into my servers with an invalid 
> name or any of the common services. The block list I have now 
> has grown pretty large from all the scans, but once in the 
> blocked list they get cut off from all services.
> 
> 
> On 10/1/07, Tomas L. Byrnes <tomb at byrneit.net> wrote:
> >
> > What are your thoughts on running a block list derived from the 
> > denyhosts network data on your firewall?
> >
> > I guess that the block list could be polluted by someone using the 
> > injection technique across a large number of hosts, but how 
> likely is that?
> >
> > _________________________________________
> > SANS Network Security 2007 in Las Vegas September 22-30. 39 
> courses, 
> > SANS top instructors.  http://www.sans.org/info/9346
> >
> 
> 
> 
> --
> ---------------------------------------------
> Don Wilder
> Senior Analyst
> ---------------------------------------------
> 
> Programming today is a race between software engineers 
> striving to build bigger and better idiot-proof programs, and 
> the Universe trying to produce bigger and better idiots. So 
> far, the Universe is winning.
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 
> courses, SANS top instructors.  http://www.sans.org/info/9346
> 



More information about the list mailing list