On Fri, 2004-10-15 at 04:09, Vulpes Velox wrote:
Doesn't Portsentry ignore ports that have a service bound to them
like the SSH daemon? In that case, it wouldn't help Brian's problem,
since ssh is running, portsentry would ignore any attacks to port
22, right?
Move it and the like to a
Doesn't Portsentry ignore ports that have a service bound to them like
the SSH daemon? In that case, it wouldn't help Brian's problem, since
ssh is running, portsentry would ignore any attacks to port 22, right?
___
[EMAIL PROTECTED] mailing list
Frankly I hadn't thought of that. You can configure portsentry to monitor
any port *and* to ignore certain hosts, so I would think it could monitor
port 22 although I haven't tested it personally.
--On Thursday, October 14, 2004 02:07:24 PM -0500 Peter Pauly
[EMAIL PROTECTED] wrote:
Doesn't
On Thu, 14 Oct 2004 14:07:24 -0500
Peter Pauly [EMAIL PROTECTED] wrote:
Doesn't Portsentry ignore ports that have a service bound to them
like the SSH daemon? In that case, it wouldn't help Brian's problem,
since ssh is running, portsentry would ignore any attacks to port
22, right?
Move it
All,
This morning, I woke up to find one of my systems under hacker attack
(considerable multiple attempts to log in to ftp, ssh, etc., mostly using
system accounts). I loaded ipfw and set up a couple of quick rules to block
the point of origin. Unfortunately, the address appears to be
--On Wednesday, October 13, 2004 10:04:24 AM -0400 Brian J. McGovern
[EMAIL PROTECTED] wrote:
Rather than having to hang over my machine is there any software out
there that will monitor logs (e.g. /var/log/messages), parse out failed
logins like this, and run an ipfw command to block it?