[unisog] step up in SSH scanning starting today?

Darden, Patrick S. darden at armc.org
Tue May 13 17:13:43 GMT 2008

For *nix hosts:

"sshdautoban is a script intended to automatically ban, in real time, attackers that are trying to connect on your sshd service without authorization. It blocks connections from an IP address when it issues too many login errors."


Reqs are *nix, Perl, syslog, and hosts.deny.

--Patrick Darden

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org]On Behalf Of Nagel, Lonnie
Sent: Tuesday, May 13, 2008 8:49 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] step up in SSH scanning starting today?


I would like to use your list as the basis for an ACL in my PIX (if it's
OK with you).  Not quite sure what to make of your 'last seen' column.
Can the digits be converted to some type of date/time stamp or similar?

More information about the unisog mailing list