[nSLUG] My sshd has been discovered... ;-)
dlpotter at ns.sympatico.ca
Tue Aug 17 12:19:45 ADT 2004
DShield is certainly a step in the right direction. In each of my cases,
the Linux boxes sit behind a home/office router/firewall with only the
minimum ports/services exposed. Because I'm the only legitimate ssh user
I'll probably start using a non-standard port for remote admin.
I do think however, that allowing people to beat on machines without any
risk/fear of detection shifts the risk to us and consumes phenomenal
amounts of our time and energy - which could be put to more productive use.
Jeff Warnica wrote:
> On Mon, 2004-16-08 at 08:39 -0300, David Potter wrote:
>>I've thought of breaking out shell and semi-automating a response:
>>- parsing the log,
>>- looking up the ip, and
>>- creating a webpage with this info that would allow me to: review and
>>click-mail log info to abuse at ip
>>Has anyone heard of attempts to 'map' hacking activity...?
> http://www.dshield.org/ "Distributed Intrusion Detection System".
> I stumbled across it a few weeks ago when I installed PSAD, an iptables
> log analysis system, as it supports automatic reporting to DShield. They
> have a system called fightback: after analyzing all the logs, for strong
> cases, they report the findings to the relevant ISP. If you submit to
> dshield as a registered user, if one of your scans is part of that
> evidence, you will be copied on the whole conversation.
> I haven't dug too deeply into DShield, or PSAD for that matter. It is due
> for some serious tweaking: since 31 July it has sent me 2724 alerts. (a
> crazily large amount from slashdot and freenode). Now that you have
> reminded me of this, you have killed the rest of my evening.
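The semi-automated response David sketches in the quoted message (parse the sshd log, group the failures by source IP, and produce something reviewable before it goes to the ISP's abuse contact), as an added example that is not code from this thread. It assumes syslog-style OpenSSH auth log lines, handles both the "Failed password" and the older "Illegal user" forms, and runs on constructed sample entries with a made-up hostname and addresses; the whois lookup of the IP is left out.

```python
import re
from collections import defaultdict
# Constructed sample sshd syslog lines (hostname "ns" and addresses are made up).
SAMPLE_LOG = """\
Aug 17 03:12:01 ns sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40211 ssh2
Aug 17 03:12:08 ns sshd[1205]: Failed password for root from 203.0.113.7 port 40220 ssh2
Aug 17 03:12:11 ns sshd[1207]: Failed password for invalid user guest from 203.0.113.7 port 40223 ssh2
Aug 17 03:12:15 ns sshd[1209]: Illegal user oracle from 203.0.113.7
Aug 17 07:45:02 ns sshd[1340]: Accepted publickey for dlpotter from 198.51.100.23 port 51022 ssh2
Aug 17 08:01:30 ns sshd[1402]: Failed password for dlpotter from 198.51.100.23 port 51040 ssh2
"""

# Matches the two failure forms older OpenSSH logs: "Failed password ..." and "Illegal user ...".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
    r"|Illegal user (?P<user2>\S+) from (?P<ip2>[\d.]+))")

def parse_failures(log_text):
    """Return (timestamp, username, source_ip) for every failed or illegal-user login line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        events.append((m.group("ts"), m.group("user") or m.group("user2"),
                       m.group("ip") or m.group("ip2")))
    return events

def offenders(log_text, threshold=3):
    """Group failures by source IP; keep sources with at least `threshold` failures."""
    by_ip = defaultdict(lambda: {"count": 0, "users": [], "first": None, "last": None})
    for ts, user, ip in parse_failures(log_text):
        rec = by_ip[ip]
        rec["count"] += 1
        if user not in rec["users"]:
            rec["users"].append(user)
        rec["first"] = rec["first"] or ts
        rec["last"] = ts
    return {ip: rec for ip, rec in by_ip.items() if rec["count"] >= threshold}

def abuse_report(log_text, threshold=3):
    """Plain-text summary per offending IP, for review before it is mailed to the ISP's abuse contact."""
    return "\n".join(
        f"{ip}: {rec['count']} failed sshd logins between {rec['first']} and {rec['last']}; "
        f"usernames tried: {', '.join(rec['users'])}"
        for ip, rec in sorted(offenders(log_text, threshold).items()))

if __name__ == "__main__":
    print(abuse_report(SAMPLE_LOG))
```

With the default threshold the single failed login from the legitimate user's own address is not reported, which is the point of thresholding before anything is sent upstream.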