Re: SSH break-in attempts
- From: Alan Frisbie <Usenet02_Remove@xxxxxxxxxxxxxxx>
- Date: Thu, 25 Sep 2008 13:19:56 -0700
Peter Weaver wrote:
$! To control the purging of .LOG files edit SYS$SYSTEM:TCPIP$SSH_RUN.COM
$! I have modified SYS$SYSTEM:TCPIP$SSH_RUN.COM to keep any log created in
$! the past 14 days.
Since the default is /Keep=5, this is very important if you want
this procedure to work as intended. I just changed mine to /Keep=50.
Also, if you have had your system connected to the Internet for a
while, you will find that the log files have topped out at version
32767 and no new ones are being created. Time to delete them all
and start over.
Another thing to note when using this procedure (as I have learned
in the last two days) is that the script kiddies will fire off five
or ten simultaneous SSH threads. Thus, you will have five or ten
log files with no records in them yet. Given that each one gives
them three attempts to guess the password, you will get a lot of
alarms before the rate limiting kicks in. But when those log files
are closed/flushed, boy do they hit a brick wall! :-)
I changed mine from a linear increase to an exponential increase
(limited by integer DCL arithmetic):
$ seconds = number_of_times * (number_of_times / 2)
At first I left off the "/2", but decided that was a bit *too*
aggressive. :-)
All in all, I am very happy with this procedure!
Now I just wish for a similar one for FTP.
Thanks,
Alan
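
The delay formula and the burst effect described in the post above, worked through as an added example (not part of the original post and not the procedure's own code). The function names, the linear baseline of one second per failure, and the burst model are assumptions made for illustration.

```python
# Added illustration, not Peter Weaver's procedure or Alan Frisbie's edit.
# Assumed: the function names, a linear baseline of 1 second per failure,
# and the burst model in guesses_in_window().

def dcl_div(a, b):
    """DCL integer division truncates toward zero."""
    q = abs(a) // abs(b)
    return q if (a >= 0) == (b >= 0) else -q

def delay_linear(n):
    """Assumed linear baseline: one second per recorded failure."""
    return n

def delay_posted(n):
    """seconds = number_of_times * (number_of_times / 2), as posted."""
    return n * dcl_div(n, 2)

def delay_no_halving(n):
    """The first attempt described in the post, without the '/2'."""
    return n * n

def guesses_in_window(delay, sessions, window, attempts=3):
    """Guesses one source gets in `window` seconds (constructed model).

    Each burst opens `sessions` simultaneous connections with `attempts`
    tries each. Nothing is counted until the burst's logs close; then the
    failure count rises by `sessions` and the source waits delay(count).
    """
    t = guesses = count = 0
    while t < window:
        guesses += sessions * attempts
        count += sessions
        t += max(delay(count), 1)   # a zero delay would never advance time
    return guesses

if __name__ == "__main__":
    print("failures  linear  n*(n/2)  n*n")
    for n in range(1, 11):
        print(f"{n:8d}  {delay_linear(n):6d}  {delay_posted(n):7d}  {delay_no_halving(n):3d}")
    for name, fn in (("linear", delay_linear), ("n*(n/2)", delay_posted),
                     ("n*n", delay_no_halving)):
        print(name, guesses_in_window(fn, sessions=5, window=3600))
```

Because the division truncates before the multiplication, a single recorded failure yields a delay of zero seconds, and odd counts lose a half step (3 failures give 3 seconds, 4 give 8).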