[unisog] step up in SSH scanning starting today?

John Ives jives at security.berkeley.edu
Wed May 14 14:53:46 GMT 2008


Couples, Christopher wrote:
> As a side note, someone mentioned autoban to programmatically add brute-forcing hosts to hosts.deny; I'd also like to plug denyhosts, a python script that can also be found on sourceforge. Are there other tools that are widely in use, or are most folks simply rolling their own?
>   

We rolled our own because we wanted to preemptively add the firewall
deny rules before the bad guys even get to their computer.  By having
our own list of who is attacking the campus we enabled both preventative
and reactive (check logs for successful connections from known
attackers) options. Besides which, this doesn't exclude the use of
reactive scripts like autoban; in fact, on my own workstation, I use
OSSEC with an active-response script to block anything that gets past
our published list.

From an adoption perspective, it also helped that these IPs aren't just
attacking nameless hosts on the internet, they are actively attacking
the campus, which seemed to have grabbed our users' attention.

John

-- 
-------------------------------------------------------------------------
John Ives                                           Phone (510) 642-7773
System & Network Security                            Cell (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------
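
The reactive option described in the message above (checking logs for successful connections from known attackers), as an added example that is not part of the original post or of Berkeley's tooling. The list format, the sshd log lines and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed attacker list (documentation ranges): one IP or CIDR per line.
ATTACKER_LIST = """\
203.0.113.7
198.51.100.0/28   # constructed entry
2001:db8:bad::/48
"""

# Constructed sshd log lines in the usual OpenSSH syslog format.
AUTH_LOG = """\
May 14 07:01:12 host1 sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
May 14 07:01:19 host1 sshd[415]: Accepted password for alice from 203.0.113.7 port 4031 ssh2
May 14 07:05:40 host2 sshd[902]: Accepted publickey for bob from 192.0.2.44 port 51515 ssh2
May 14 07:09:03 host2 sshd[977]: Accepted password for carol from 198.51.100.9 port 2200 ssh2
May 14 07:11:54 host3 sshd[120]: Accepted password for dave from 2001:db8:bad::15 port 6000 ssh2
May 14 07:12:30 host3 sshd[121]: Accepted password for erin from 198.51.100.16 port 6001 ssh2
"""

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def load_networks(text):
    """Parse the list into networks, ignoring blank lines and # comments."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_network(e, strict=False) for e in entries if e]

def successful_logins_from_attackers(log_text, nets):
    """Return (timestamp, host, user, method, ip) for accepted logins from listed sources."""
    hits = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and non-sshd lines are not the reactive signal
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed address in the log
        if any(ip.version == n.version and ip in n for n in nets):
            hits.append((m["ts"], m["host"], m["user"], m["method"], str(ip)))
    return hits

if __name__ == "__main__":
    for hit in successful_logins_from_attackers(AUTH_LOG, load_networks(ATTACKER_LIST)):
        print(*hit)
```

Each hit is an account that authenticated from a source already on the list, so it is a candidate for credential reset and host review rather than just another blocked probe.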




