Subject: Res: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?
To: Hubert Feyrer , David Sheryn <dhs@chromiq.org>
From: Daniel Cid <danielcid@yahoo.com.br>
List: tech-net
Date: 01/12/2007 07:03:27
I would also suggest you to take look at OSSEC to block password=0Aguessing=
 attacks. It does not only can block based on SSHD brute=0Aforce attacks, b=
ut also on FTP, web-based (webmails), etc.=0A=0ABasically, it monitors mult=
iple log files and when it finds sequenced=0Afailed password attempts from =
the same ip, it can execute active-response=0Ascripts to block them. Anothe=
r benefit of it is that it also performs=0Afile integrity checking and root=
kit detection, so you can have a little=0Amore information about what is ha=
ppening.=0A=0ALink: http://www.ossec.net=0A=0AHope it helps..=0A=0ADaniel C=
id=0A=0A----- Mensagem original ----=0ADe: Hubert Feyrer <hubert@feyrer.de>=
=0APara: David Sheryn <dhs@chromiq.org>=0ACc: Eric Rudolph Pizzani <erp@dig=
italserenity.net>; Water NB <netbsd78@126.com>; pkgsrc-users@NetBSD.org; te=
ch-net@NetBSD.org; tech-pkg@NetBSD.org; netbsd-users@NetBSD.org=0AEnviadas:=
 Sexta-feira, 12 de Janeiro de 2007 8:58:24=0AAssunto: Re: NetBSD-3.1 was a=
ttacked: Bug of SSHD or cyrus-sasl?=0A=0AOn Fri, 12 Jan 2007, David Sheryn =
wrote:=0A> http://fail2ban.sourceforge.net/ or similar ? (not tried it myse=
lf)  Any=0A> other suggestions ?=0A=0ASee "Fighting ssh password guessing a=
ttempts (Update #2)" at =0Ahttp://www.feyrer.de/NetBSD/blog.html/nb_2006010=
7_2016.html=0A=0A=0A  - Hubert=0A=0A=0A=0A=0A______________________________=
____________________=0AFale com seus amigos  de gra=E7a com o novo Yahoo! M=
essenger =0Ahttp://br.messenger.yahoo.com/