/etc/hosts.deniedssh

Adam Vande More amvandemore at gmail.com
Mon Jan 18 22:53:15 UTC 2010


On Mon, Jan 18, 2010 at 4:39 PM, David Southwell <david at vizion2000.net> wrote:

> Examples from hosts.deniedssh
> I seem to be on the receiving end of a concerted series of unsuccessful
> break-in attacks on one of our systems. One small part of the attack has
> resulted in over 2000 entries in our hosts.deniedssh file in less than 1 hour.
>
> I would be interested in any comments on the small example shown below and
> any advice.
>
> Thanks in advance
>
> David
>

Looks like your conf could use some love.  Why are you resolving IPs?
Thresholds can be lowered.  Are you syncing with remote list?

-- 
Adam Vande More
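
An added example, not part of the original thread or of any tool's own code: a small audit of a deny file that reports the two symptoms raised in the reply, entries stored as resolved names instead of addresses, and the same host listed repeatedly. The line formats it accepts (a bare host, or a tcp_wrappers-style `daemon: host[: option]` line) and the sample data are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter


def is_ip(token):
    """True if token is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def entry_host(line):
    """Return the host token of one deny-file line, or None for blanks/comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    if is_ip(line):                       # bare address, including bare IPv6
        return line.lower()
    if ":" in line:                       # assumed "daemon: host[: option]" form
        line = line.split(":", 1)[1].strip()
    if line.startswith("["):              # bracketed IPv6, e.g. [2001:db8::1]
        return line[1:].split("]", 1)[0].lower()
    fields = line.split(":", 1)[0].split()
    return fields[0].lower() if fields else None


def audit(lines):
    """Summarise a deny file: total and unique entries, repeats, name entries."""
    hosts = [h for h in map(entry_host, lines) if h]
    counts = Counter(hosts)
    return {
        "entries": len(hosts),
        "unique": len(counts),
        "repeated": {h: n for h, n in counts.items() if n > 1},
        "hostnames": sorted(h for h in counts if not is_ip(h)),
    }


# Constructed sample using documentation address ranges and example domains.
SAMPLE = """\
# constructed sample, not taken from the thread
sshd: 192.0.2.10
sshd: scanner-a.example.net
sshd: scanner-a.example.net
198.51.100.7
sshd: [2001:db8::1]
scanner-b.example.org
sshd : scanner-a.example.net : deny
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `hostnames` list means the blocker is writing reverse-DNS names, which are set by whoever controls the address's PTR record; a non-empty `repeated` map means the file is growing with entries that add no new blocks.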

