[ILUG] SSH dictionary attacks.

Ciaran Johnston cj at nologic.org
Thu Aug 24 15:01:03 IST 2006


Aine Douglas said:
> On 8/24/06, Rick Moen <rick at linuxmafia.com> wrote:
>> Quoting Aine Douglas (aine.douglas at gmail.com):
>>
>> > I'm getting sick of seeing log entries for SSH dictionary attacks....
>>
>> So, you should filter the mechanism you use to view your logfiles
>> (whatever that is) to omit essentially meaningless data like today's
>> dozen runs of SSH dictionary attacks.
>
> Thanks Rick, my problem was I was debugging and watching for log
> outputs of an app with tail -f, and my output was getting lost in the
> dictionary attack logs.

tail -f pipes very nicely to grep:

tail -f <file> | grep -v <stuff I don't want to see>
tail -f <file> | grep <only the stuff I want to see>

I also like using less, because I can search and highlight instances of a
particular string, then use <shift>-F to follow the file, then <ctrl>-C to
stop it and page back up, etc. Doesn't get rid of the crap, but does allow
you to search up and down your results quite nicely.

>
> I've since found an easier way to stop this problem for debugging
> processes. I establish all the terminal sessions I need over SSH, and
> from one of them stop SSHD, and it doesn't kill my open sessions.

Interesting approach. How do you handle the situation when your laptop
dies, your wireless connection is dropped or something similar kills all
your ssh sessions?

Regards,
Ciaran.
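
The grep filtering suggested in the message above, as an added example that is not part of the original post: one function drops sshd authentication-failure lines from a log stream, and a second counts the dropped failures per source address so they stay visible. The function names, the log path, the `myapp` lines and the sample addresses are assumptions made up for the illustration.

```shell
# sshd authentication-failure lines, using OpenSSH's message wording.
SSH_NOISE='sshd\[[0-9]+\]: (Failed password for|(Invalid|Illegal) user)'

# Drop sshd auth-failure lines from stdin; everything else passes through.
# --line-buffered keeps output live when this feeds another pipe stage.
filter_ssh_noise() {
    grep --line-buffered -Ev "$SSH_NOISE"
}

# Summarise what the filter hides: failed attempts per source address,
# busiest first, printed as "<address> <count>".
count_ssh_failures() {
    grep -E "$SSH_NOISE" |
        sed -nE 's/.* from ([0-9a-fA-F.:]+)( port [0-9]+.*)?$/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Constructed sample log lines (documentation-range addresses).
sample_log() {
    cat <<'EOF'
Aug 24 14:58:01 host sshd[2101]: Invalid user admin from 192.0.2.10
Aug 24 14:58:03 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40022 ssh2
Aug 24 14:58:04 host myapp[3300]: DEBUG cache miss for key session:42
Aug 24 14:58:06 host sshd[2105]: Failed password for root from 198.51.100.7 port 51514 ssh2
Aug 24 14:58:07 host myapp[3300]: ERROR upstream timeout after 30s
Aug 24 14:58:09 host sshd[2110]: Accepted publickey for aine from 192.0.2.50 port 50000 ssh2
EOF
}

# Live use (the log path is an assumption; it varies by distribution):
#   tail -f /var/log/messages | filter_ssh_noise
# Offline check against the sample:
#   sample_log | filter_ssh_noise
#   sample_log | count_ssh_failures
```

Successful logins ("Accepted ...") are deliberately left in the filtered stream, since those are the sshd lines worth seeing while debugging.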



