
[no subject]



To be honest with you, the ssh port 22 will be bombarded by brute force
attacks all day every day. One way to monitor this port is to enable
logging from iptables. Just use the -j LOG using the "syn" as a trigger.
Also, snort would be useful here along with Acid that will log to a
database and select from the database using PHP.

My solution, however, was to NOT run on port 22. I run ssh on a non-
standard port and haven't had a single connect in 5 years to that port.
I still use iptables to log any syn packet however.

Hope this helps.

rcr
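
Added example, not part of the original message: an iptables LOG rule of the kind described above, shown in the comments, and a small script that summarizes the resulting kernel log lines per source address. The port, the "SSH-SYN: " prefix, the rate limit, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; port 22, the "SSH-SYN: " prefix and the limits are assumptions.
# Logging rule of the kind the post describes (run as root):
#   iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "SSH-SYN: "
# Same rule rate-limited so a flood cannot fill the log:
#   iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 10/min \
#            -j LOG --log-prefix "SSH-SYN: "

# Constructed kernel log lines in the format the LOG target writes.
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:00:02 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:00:04 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.5 LEN=60 TTL=49 PROTO=TCP SPT=51500 DPT=22 WINDOW=14600 SYN URGP=0
Mar  3 10:00:05 gw kernel: SSH-SYN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=22 WINDOW=29200 SYN URGP=0
Mar  3 10:00:09 gw kernel: eth0: link up
EOF
}

# Read log lines on stdin; print "count source" per source, busiest first.
count_ssh_syn() {
    awk '/SSH-SYN: / {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) n[substr($i, 5)]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Read log lines on stdin; print sources with at least $1 logged SYNs.
noisy_sources() {
    count_ssh_syn | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo on the constructed sample; on a real host, pipe in the kernel log instead.
sample_log | count_ssh_syn
```
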



</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00363" href="msg00363.html">[ale] SSH monitoring</a></strong>
<ul><li><em>From:</em> Robert.L.Harris at rdlg.net (Robert L. Harris)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00361" href="msg00361.html">[ale] SSH monitoring</a></strong>
<ul><li><em>From:</em> colbert.brandon at gmail.com (Brandon Colbert)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>