[nSLUG] My sshd has been discovered... ;-)

Jeff Warnica jeffw at chebucto.ns.ca
Mon Aug 16 20:09:45 ADT 2004

On Mon, 2004-16-08 at 08:39 -0300, David Potter wrote:

> I've thought of breaking out shell and semi-automating a response:
> - parsing the log,
> - looking up the ip, and
> - creating a webpage with this info that would allow me to: review and 
> click-mail log info to abuse at ip
> Has anyone heard of attempts to 'map' hacking activity...?

http://www.dshield.org/ "Distributed Intrusion Detection System".

I stumbled across it a few weeks ago when I installed PSAD, an iptables
log analysis system, as it supports automatic reporting to DShield. They
have a system called fightback: after analyzing all the logs, for strong
cases, they report the findings to the relevant ISP. If you submit to
dshield as a registered user, and one of your scans is part of that
evidence, you will be copied on the whole conversation.

I haven't dug too deeply into DShield, or PSAD for that matter. It is due
for some serious tweaking: since 31 July it has sent me 2724 alerts (a
crazily large amount from slashdot and freenode). Now that you have
reminded me of this, you have killed the rest of my evening.

