[H-GEN] Re: Blocking SSH exploits
troy at piggo.com
Tue Aug 24 23:50:53 EDT 2004
> From: Jay <johannes at paradise.net.nz>
> Subject: Re: [H-GEN] Blocking SSH exploits
> Same here since July 26 using names (root, user, test, admin, guest) and
> originating from:
> Most attempts come in blocks of up to nine per ip within about 30 seconds,
> which suggests some form of automation is being used.
How do you get this in this format? Do you have scripts that filter
out the IPs, or did you just edit manually for this email?
I have the output from logwatch, but would appreciate a filter
script to keep a specific log.
T R O Y P I G G I N S
e : troy at piggo.com
More information about the General