Automated SSH attacks
David A. Bandel
david.bandel at gmail.com
Fri Jul 31 14:24:06 PDT 2009
On Fri, Jul 31, 2009 at 14:45, Jerry McBride<mcbrides9 at comcast.net> wrote:
> On Thursday 30 July 2009 09:22:55 pm david.bandel at gmail.com wrote:
>> Folks,
>>
>> Well, I think I hit another milestone yesterday. I had one firewall at a
>> client site that logged 66,352 login attempts (bad user or password) during
>> the 24 hours from 29-30 July. That's nearly one attack per second all day
>> and all night long. It's filling my syslog sql database log. Gonna have
>> to purge some of the older syslog entries and vacuum the database.
>>
>> I remember when 6 attacks a night was a lot.
>>
>> Ciao,
>>
>> David A. Bandel
>
> David,
>
> Just curious... how are you getting firewall notices into an sql database?
>
started using rsyslog which allows you to log into a sql database -- postgresql in my case. I even wrote a perl cgi front end to view it with using a web browser (in a htpasswd protected directory of course, and available only via https). But that's just for my idiot Windoze-only admins. I use the psql CLI interface.
Ciao,
David-
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
Visit my blog at: http://www.pananix.com/cgi-bin/blosxom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 270 bytes
Desc: OpenPGP digital signature
Url : http://mailman.celestial.com/pipermail/linux-users/attachments/20090731/1a067588/attachment.bin
More information about the Linux-users
mailing list