Menu
▾
▴
Re: [SSHGuard-users] SASL
|
From: Kevin Z. <kev...@gm...> - 2016-06-12 17:06:06
|
On 06/12/16 00:38, Jos Chrispijn wrote: > Jun 11 01:06:33 ceto postfix/smtpd[39048]: warning: > unknown[36.6.252.174]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Thanks, I'll add it when I get around to it. > Just a question: how do you process these updates? Do you do this in the > SSHGuard itself (new version update) or do you keep an online database > with these examples that is inquired every time SSHGuard is activated on > our side? Best, Jos Chrispijn All attack signatures are built into the SSHGuard binary itself. You can see for yourself how this is done in src/parser. This means that updating attack signatures requires an SSHGuard update. This was a design choice that prefers ease of setup and simplicity over ease of configuration. -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
