Some blatant hacking attempts picked up by Logcheck would be best served by pulling some of the blackhole aspects from portsentry and having Logcheck automatically blackhole IP addresses. A threshold would be nice, but in general I am willing to blackhole anyone who fat-fingers an ssh password to keep out the ssh scanners.
sshd: Failed password for invalid user webmaster from 220.127.116.11 port 34357 ssh2
Multiply the above by 100 or so with different users and that would be what I want to blackhole.
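An added sketch of the behaviour requested above (not part of the original post and not Logcheck or portsentry code): count sshd "Failed password" lines per source address, apply a threshold and an allowlist, and build `ip route add blackhole` commands without running them. The names `offenders` and `blackhole_commands`, the allowlist parameter and the sample lines are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# The user name is attacker-controlled and may itself contain " from <ip> port ",
# so the pattern is anchored at end of line and the greedy user group leaves
# only the trailing fields, which sshd writes, for the address.
FAILED = re.compile(
    r"sshd(?:\[\d+\])?: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def offenders(lines, threshold=1, allowlist=()):
    """Map source IP -> set of user names tried, for sources with >= threshold failures."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    tried = defaultdict(list)
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal address: never hand it to a command
        if not any(ip in net for net in allowed):
            tried[str(ip)].append(m.group("user"))
    return {ip: set(u) for ip, u in tried.items() if len(u) >= threshold}

def blackhole_commands(ips):
    """Build (not run) iproute2 blackhole routes, one per offending address."""
    cmds = []
    for ip in sorted(ips):
        addr = ipaddress.ip_address(ip)
        family = "-6 " if addr.version == 6 else ""
        cmds.append(f"ip {family}route add blackhole {addr}/{addr.max_prefixlen}")
    return cmds

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = [
    "sshd: Failed password for invalid user webmaster from 203.0.113.7 port 34357 ssh2",
    "sshd: Failed password for invalid user admin from 203.0.113.7 port 34361 ssh2",
    "sshd: Failed password for invalid user test from 203.0.113.7 port 34370 ssh2",
    "sshd: Failed password for root from 192.0.2.5 port 50022 ssh2",
    "sshd: Failed password for invalid user x from 198.51.100.99 port 22 ssh2 from 203.0.113.9 port 4000 ssh2",
    "sshd: Accepted password for alice from 198.51.100.20 port 40100 ssh2",
]

if __name__ == "__main__":
    hits = offenders(SAMPLE, threshold=3, allowlist=["192.0.2.0/24"])
    print("\n".join(blackhole_commands(hits)))
```

With the default threshold of 1 a single mistyped password is enough to be listed, so the allowlist should cover every address legitimate logins come from.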