[Beowulf] Re: "hobbyists"

[Joe Landman]

stephen mulcahy wrote:
> 
> 
> Joe Landman wrote:
>> Use pam_abl.  Really.  Even if the password were weak, and they 
>> guessed it on the 57th try, pam_abl will stop the login.  Read the 
>> manual. Adjust the config settings.
>>
>> Our ssh logs are scary, have been for a while.  They aren't the 
>> scariest of our logs.
> 
> DenyHosts works on a similar principle - 
> http://denyhosts.sourceforge.net/ although pam_abl's pretending to 
> accept logins even when the attacker has been blacklisted sounds 
> downright sneaky!

Yup!

   I wrote a tool called "danger" that parses the ssh logs, the 
/etc/hosts.deny logs, and makes ... recommondations about what to add. 
Based upon who has been attacking you.  This pre-dated denyhosts by a 
bit.  I still run it, and it gives me a nightly summary of the bad guys.

> 
> Could make for an interesting Monday morning pre-coffee login session 
> though - as you wonder why your initially mistyped password still isn't 
> working after 50 login attempts :)

Yuppers.  Had that happen once.  Learned to get coffee before doing 
anything important.

> 
>> Even paranoids have enemies.
> 
> or "I've only been paranoid since they started watching me"?
> 
> -stephen
> 


-- 
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web  : http://www.scalableinformatics.com
        http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423
fax  : +1 866 888 3112
cell : +1 734 612 4615