El vie, 23-09-2005 a las 21:24 -0700, Ray Percival escribis: > [...] > > I wonder if it's possible to "fingerprint" these programs. I actually > > have a copy of the ssh-scanner that they use. I got it by looking at > > the hack logs on a Linux server and going to the same FTP site they > > used (anonymous ftp even ;). > I use the blocker script from this article. Seems to work pretty well. I'd > just block Linux but I have a few friends who have yet to see the OpenBSD > light. > http://www.undeadly.org/cgi?action=article&sid=20041231195454&mode=expanded
>From my experience only about 10% of the attackers come back to try again, so filtering after scanning logs is not worth it you don't have a huge amount of attacks. If your sshd_config is ok (AllowUsers is your friend), you're OK with updates, and you're using good passwords... you're safe. Let'em try. regards, Juanjo -- Desarrollo y sistemas: http://www.usebox.net/ Pagina Personal: http://www.usebox.net/jjm/