[EMAIL PROTECTED] wrote:

Why not drop packets from RIPE, or anyone not in the US? Heck why not firewall

That's a good idea! That and LACNIC. Level3 and Rackspace get dropped as well.

off everyone? Eventually you will have hundreds of entries in your firewall.

So? The problem with this is?

There are a lot of new viruses and trojans out there, and a few just happen to
target SSH to see what noobs may have set up or left open these accounts with
certain unnamed flavors of install packages. The latest being a brute-force
package that finds one of these logins, then attempts some local Linux exploits.
If it finds one, it then installs itself and waits for the machine to be
rebooted. Then it starts scanning for other machines on your network to do the
same to. The script it installs is called Suckit. "sk" is the application.
2400 attempts is very minor. Expect more as other machines get infected. And
most likely the IP you blocked is just an infected machine looking for others.
Install Snort if you want local protection from this.


Ummm, Snort's only an IDS, it doesn't protect you from jack.

Brad Dameron
Senior Linux Administrator
SeaTab Software
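
An added example, not part of the original messages: a log check that separates SSH password-guessing noise from the case the thread worries about, a source that guesses repeatedly and then gets an accepted login. The log lines, host name, addresses and threshold are constructed assumptions; the line format is OpenSSH's usual syslog output.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Aug 10 03:12:01 gs1 sshd[2201]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Aug 10 03:12:03 gs1 sshd[2203]: Failed password for invalid user guest from 203.0.113.7 port 40120 ssh2
Aug 10 03:12:05 gs1 sshd[2205]: Failed password for root from 203.0.113.7 port 40131 ssh2
Aug 10 03:12:09 gs1 sshd[2209]: Accepted password for guest from 203.0.113.7 port 40150 ssh2
Aug 10 09:30:44 gs1 sshd[3100]: Failed password for admin from 198.51.100.23 port 51515 ssh2
Aug 10 09:31:02 gs1 sshd[3104]: Accepted password for admin from 198.51.100.23 port 51530 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=3):
    """Return (noisy, compromised).

    noisy:       {ip: failure_count} for sources at or above the threshold.
    compromised: [(ip, user, failures_before)] for accepted logins from a
                 source that had already reached the threshold.
    threshold is an assumed value; tune it to the host's normal traffic.
    """
    failures = defaultdict(int)
    compromised = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # A guessing source just logged in: treat the account as compromised.
            compromised.append((ip, user, failures[ip]))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, compromised

if __name__ == "__main__":
    noisy, compromised = analyze(SAMPLE_LOG)
    for ip, n in noisy.items():
        print(f"guessing source: {ip} ({n} failed logins)")
    for ip, user, n in compromised:
        print(f"ALERT: {user} accepted from {ip} after {n} failures")
```

The single mistyped password from 198.51.100.23 stays below the threshold and is not flagged, which keeps ordinary typos out of the alert list.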



_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
