Botnet Survey
Mar. 11th, 2007 05:34 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
elfsSo, this morning, now that Pendorwright has come back up, I did a survey of my box, scanning for rootkits and basically doing the monthly security sweep. The machine looks okay but there were a lot of breakin attempts recorded by auth.log, brute-force dictionary attacks on the SSH server mostly. I decided to do something about by putting up a self-protecting firewall, one that uses various TCP/IP controls to block users before they even get to the "enter a password" phase.
When I first started up the program, DenyHosts, it immediately found 165 different hosts out there that were systematically trying to script-kiddie my box, throwing over 11,000 user names at it. So far, nobody but me has been able to get in, but grief, how ugly and annoying. Next thing you know, I'll have to reconfigure the secure login server to use an obscure port just to keep the log files from growing absurdly large.
When I first started up the program, DenyHosts, it immediately found 165 different hosts out there that were systematically trying to script-kiddie my box, throwing over 11,000 user names at it. So far, nobody but me has been able to get in, but grief, how ugly and annoying. Next thing you know, I'll have to reconfigure the secure login server to use an obscure port just to keep the log files from growing absurdly large.
