



Network Security Incidents

Re: RE: Internet SSH scans

Subject: Re: RE: Internet SSH scans
Date: Fri, 3 Mar 2006 16:06:05 +0100
Hi List,

Like anybody on the net, I have these problems too, and was bored with
scrolling the endless logs. So I decided to put an end to it. Here is
a (rather small but effective and a bit blunt) script to put a stop to
this annoying behaviour ;-p

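#!/bin/bash
# Follow new syslog lines; for each "Invalid user" entry, load an ipf rule
# blocking port 22 from the address in the last field of the line.
tail -0f /var/adm/messages | while read -r line; do
        echo "$line" | awk '/Invalid user/ {printf ("block in quick on bge1 proto tcp from %s to any port = 22 keep state\n", $NF)}' | ipf -f -
done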

As you all can see, this is for a Solaris 10 box (ipf). If you want to
make it work for Linux, you could do something like this:

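# cut -b 8- drops the first 7 bytes of the logged address field before
# the remainder is handed to iptables as the source to drop.
tail -0f /var/log/messages | while read -r line; do
        echo "$line" | awk '/Invalid user/ {printf "%s\n", $NF}' | cut -b 8- | xargs -I {} iptables -A INPUT -p tcp -m multiport --destination-ports 22 -s {} -j DROP
done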

I know there are better ways to script this but hey, it's quick and it
works for me, so perhaps it's useful for you guys/girls too :-)


Rgds
Dax Hoes

On 3 Mar 2006 05:14:44 -0000, admin@chem.uw.edu.pl <admin@chem.uw.edu.pl> wrote:
I have many SSH scans in my large academic network. IMO scanning hosts are 
Windows zombies.

/p
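
Added example, not part of the original message or the poster's script: a stricter take on the same log-to-firewall idea that matches sshd lines by field position, validates the address before it reaches the firewall command, skips an allowlist, and emits one rule per source after a threshold. THRESHOLD, ALLOW, the assumed syslog layout and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the script from the post. THRESHOLD and ALLOW are assumed
# tuning knobs; every address and log line below is constructed.
THRESHOLD=${THRESHOLD:-3}     # "Invalid user" hits before a source is blocked
ALLOW=${ALLOW:-192.0.2.10}    # space-separated sources that are never blocked

# Read syslog lines on stdin and print one iptables command per offender.
# Commands are printed rather than executed so they can be reviewed first.
block_rules() {
    awk -v threshold="$THRESHOLD" -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    # Assumed layout: Mon DD HH:MM:SS host sshd[pid]: Invalid user NAME from ADDR
    # Matching by field position ignores other daemons that log the same phrase.
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Invalid" && $7 == "user" {
        ip = ""
        # NAME is chosen by the client, so use the address after the LAST "from".
        for (i = NF - 1; i >= 8; i--) if ($i == "from") { ip = $(i + 1); break }
        sub(/^::ffff:/, "", ip)   # strip the IPv4-mapped prefix if present
        # Only a well-formed dotted quad may reach the firewall command.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        for (i = 1; i <= 4; i++) if (length(o[i]) > 3 || o[i] + 0 > 255) next
        if (ip in skip) next
        # Emit exactly once per source, when it reaches the threshold.
        if (++hits[ip] == threshold) {
            printf "iptables -A INPUT -p tcp --dport 22 -s %s -j DROP\n", ip
            fflush()
        }
    }'
}

# Constructed sample input covering the cases handled above.
sample_log() {
    printf '%s\n' \
      'Mar  3 16:00:01 gw sshd[101]: Invalid user admin from 203.0.113.5' \
      'Mar  3 16:00:02 gw sshd[102]: Invalid user test from ::ffff:203.0.113.5' \
      'Mar  3 16:00:03 gw sshd[103]: Invalid user x from 192.0.2.10 from 203.0.113.5' \
      'Mar  3 16:00:04 gw sshd[104]: Invalid user guest from 203.0.113.5' \
      'Mar  3 16:00:05 gw sshd[105]: Invalid user a from 198.51.100.999' \
      'Mar  3 16:00:06 gw ftpd[106]: Invalid user bob from 198.51.100.9' \
      'Mar  3 16:00:07 gw sshd[107]: Invalid user root from 192.0.2.10'
}

sample_log | block_rules    # prints a single DROP rule for 203.0.113.5
```

For live use the function can sit behind the same tail pipeline as in the message, with its output reviewed or piped to a shell.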

