On Thu, Jun 12, 2008 at 11:09:43PM +0300, Tzafrir Cohen wrote: > > Additionally, you should install a brute-force-attack blocker: > > > > http://www.la-samhna.de/library/brutessh.html > > This is effectively another service listening. It is also a method for > an attacker to lock you out of the system. > > See, for instance, http://www.ossec.net/en/attacking-loganalysis.html .
Sure; all in-band methods suffer from the possibility of becoming DoS vectors. And yes, the fact that sshd doesn't quote that argument as it drops it into the syslog, making it easier to see bogusness, is a bad thing. But those log lines wouldn't fool *me*. And if they fool your log analysis system, then it's regexes aren't written tightly enough. And, back on point, that particular sshblocker doesn't give a damn what sshd writes in the syslog. And, no, it's actually not another service listening. Cheers, -- jra -- Jay R. Ashworth Baylink [EMAIL PROTECTED] Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users