From: Kevin Z. <kev...@gm...> - 2016-09-11 06:52:23
On 09/10/2016 13:13, Mark Chen wrote:
> Just found this in my logs. Notice that the spammer alternates among
> several addresses within the same class B network (in this case, two
> different class Bs) in order to avoid detection.
>
> Any chance we could add a signature for this?

Wow, that's impressive.

I believe this discussion has happened before. I believe the conclusion was that it's beyond the scope of SSHGuard to do reverse lookups and block entire address ranges.

Now that SSHGuard is being split up into several helper programs this might be doable as a sort of optional intermediate stage in the filter pipeline.

Lately I've been a bit busy so I won't be able to take a look, but if someone's really interested in taking a whack at this I'd be happy to help.

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
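Added example, not part of the original message and not SSHGuard code: a sketch of the per-network aggregation the thread discusses, counting attack events per /16 so that a source rotating among addresses in one class B is flagged even when no single address crosses the per-host limit. The thresholds, function name and sample addresses (drawn from reserved test ranges) are assumptions.

```python
import ipaddress
from collections import defaultdict

HOST_THRESHOLD = 3   # assumed per-address limit a rotating source stays under
NET_THRESHOLD = 5    # assumed limit for a whole /16 ("class B")
PREFIX_LEN = 16

# Constructed sample: source addresses already extracted from log lines.
SAMPLE_EVENTS = [
    "198.18.4.10", "198.19.7.1", "198.18.200.3", "198.19.7.2",
    "198.18.4.11", "198.19.90.5", "198.18.77.8", "198.19.7.1",
    "198.18.4.10", "198.19.90.5", "198.18.200.3",
    "203.0.113.7", "203.0.113.7",                            # low-volume source
    "192.0.2.10", "192.0.2.10", "192.0.2.10", "192.0.2.10",  # one noisy host
]

def rotating_networks(addresses, prefix_len=PREFIX_LEN,
                      net_threshold=NET_THRESHOLD,
                      host_threshold=HOST_THRESHOLD):
    """Return {network: stats} for networks whose combined event count
    reaches net_threshold while spread over more than one address."""
    per_host = defaultdict(int)
    per_net = defaultdict(int)
    hosts_in_net = defaultdict(set)
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip.version != 4:
            continue  # IPv6 would need a different prefix length
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_host[ip] += 1
        per_net[net] += 1
        hosts_in_net[net].add(ip)

    flagged = {}
    for net, count in per_net.items():
        hosts = hosts_in_net[net]
        if count >= net_threshold and len(hosts) > 1:
            flagged[str(net)] = {
                "attempts": count,
                "hosts": len(hosts),
                # addresses a per-host counter alone would have caught
                "hosts_over_limit": sorted(
                    str(h) for h in hosts if per_host[h] >= host_threshold),
            }
    return flagged

if __name__ == "__main__":
    for net, stats in sorted(rotating_networks(SAMPLE_EVENTS).items()):
        print(net, stats)
```

The sketch only reports candidate ranges; whether to block a whole /16 is a policy decision, since such a range can also contain unrelated hosts.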