SSH Scans
After seeing a lot of SSH scans on my firewalls and home PC, I made a script that filters out the "Invalid User" entries in /var/log/messages and does some cleanup; the result is a (homebrew) dictionary of users that tried to log in to my hosts.
In the dictionary I saw English and Brazilian Portuguese words; maybe
we have Brazilian hackers running scan bots too.
This work is only an experiment, out of curiosity to see what is happening
on the Internet today.
If you have a better idea or suggestion, please mail me: "michel@michel.eti.br"
* sshscan.sh
* dictionary.txt
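The filtering step described above, as an added example that is not the author's sshscan.sh: it pulls the attempted username out of each sshd "Invalid user" line and builds a de-duplicated list plus per-name counts. The function names are hypothetical, the log lines are constructed samples using documentation addresses, and the line format is assumed to be the usual OpenSSH syslog form.

```shell
#!/bin/sh
# Added example, not the author's script. Function names are hypothetical.

# Print one attempted username per sshd "Invalid user" line read from stdin.
extract_users() {
    awk '
    {
        tag = "]: Invalid user "
        i = index($0, tag)            # first occurrence is the real syslog tag
        if (i == 0) next
        if (substr($0, 1, i) !~ / sshd\[[0-9]+\]$/) next   # sshd messages only
        user = substr($0, i + length(tag))
        # Strip the trailing " from ADDR" or " from ADDR port N"; skip if absent.
        if (!sub(/ from [^ ]+( port [0-9]+)?$/, "", user)) next
        if (user ~ /^[ \t]*$/) next   # scanners sometimes send an empty name
        print user
    }'
}

# Sorted, de-duplicated username list (the "dictionary").
build_dictionary() {
    extract_users | LC_ALL=C sort -u
}

# "count<TAB>username", most frequently tried names first.
count_users() {
    extract_users |
        awk '{ c[$0]++ } END { for (u in c) printf "%d\t%s\n", c[u], u }' |
        LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (not real log data).
sample_log() {
    cat <<'EOF'
Jan 10 03:12:45 fw1 sshd[2101]: Invalid user admin from 192.0.2.10
Jan 10 03:12:47 fw1 sshd[2103]: Invalid user teste from 192.0.2.10 port 51234
Jan 10 03:12:49 fw1 sshd[2105]: Invalid user admin from 198.51.100.7 port 40022
Jan 10 03:12:50 fw1 sshd[2107]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jan 10 03:12:52 fw1 sshd[2109]: Invalid user  from 203.0.113.5 port 2222
Jan 10 03:12:55 fw1 sshd[2111]: Invalid user usuario from 203.0.113.5 port 2223
Jan 10 03:13:01 fw1 kernel: sshscan IN=eth0 SRC=203.0.113.5 DPT=22
EOF
}

sample_log | count_users
```

On a live host, feed the real log instead of the sample, for example `build_dictionary < /var/log/messages`.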


2 Comments:
Only 3 tries per minute/ip:
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j DROP
Well, the iptables rule will stop 'em, but it's not going to collect the interesting stats. At minimum I'd add
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j LOG --log-prefix "sshscan "