On Thu, 21 Oct 2004 11:02:31 -0500 Dave Hull <dphull@insipid.com> wrote:

> Quoting Brian Kelsay <Brian.Kelsay@kcc.usda.gov>:
>
> > Block the IPs of the attackers specifically in your iptables rules. Make sure the users that they attempted to log on w/ are disabled, password changed or non-real users. Change root password. It looks like you are already working to allow only your IP to ssh, that's good.
>
> There used to be an application called "Port Sentry" that I ran back in the RH 6.2 days. Port Sentry would monitor all incoming connections and would add a deny rule to hosts.deny for hosts that tried to connect to some port more than some given threshold. It was pretty handy and may even still exist.
>
> Anyone know of anything else like this? I'm too busy to google at the moment.

Port sentry still exists.

---------------------------------
Frank Wiles <frank@wiles.org>
http://www.wiles.org
---------------------------------
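
The threshold idea described in this thread, applied to failed ssh logins, as an added example that is not from the thread and is not Port Sentry's code. The log lines are constructed samples, and the function names, the threshold of 3 and the `allow` list are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample sshd auth-log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Oct 21 10:58:01 host sshd[2101]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Oct 21 10:58:03 host sshd[2103]: Failed password for invalid user guest from 203.0.113.5 port 40120 ssh2
Oct 21 10:58:05 host sshd[2105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Oct 21 10:58:09 host sshd[2110]: Failed password for root from 203.0.113.5 port 40140 ssh2
Oct 21 10:59:30 host sshd[2120]: Failed password for dave from 198.51.100.7 port 51510 ssh2
Oct 21 10:59:41 host sshd[2121]: Accepted password for dave from 198.51.100.7 port 51512 ssh2
Oct 21 11:00:02 host sshd[2130]: Failed password for root from 192.0.2.44 port 33001 ssh2
"""

# Anchored at the end of the line with a greedy user field, so text inside
# the user name cannot be mistaken for the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def failed_counts(log_text):
    """Count failed sshd password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts


def deny_entries(log_text, threshold=3, allow=()):
    """Return hosts.deny-style lines for sources with more than `threshold`
    failures. `allow` holds addresses that must never be denied (assumed to
    be your own admin address, so a typo does not lock you out)."""
    counts = failed_counts(log_text)
    return [f"ALL: {ip}" for ip, n in sorted(counts.items())
            if n > threshold and ip not in allow]


if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG, allow=("198.51.100.7",)):
        print(entry)
```

Review the generated lines before appending them to hosts.deny, and keep your own address in `allow`.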