idea against hacks - help to IDS of a new generation

Kaleta Stanley openssh-unix-dev at kaleta.sk
Sat Oct 1 05:52:10 EST 2005


Hello,

thank you for your answers ;)

sshd is not the only source for intrusion detection, for sure ;)

I'll conciliate with syslog ;)

br
Stanley

On Fri, 30 Sep 2005, Damien Miller wrote:

> On Thu, 29 Sep 2005, Peter Stuge wrote:
>
>> On Thu, Sep 29, 2005 at 10:22:03PM +0200, Kaleta Stanley wrote:
>>> what about adding an "optional action" as a parameter of sshd
>>> (could be used for IDSes)
>>> in case of intrusion detection (anyway logged to syslog)
>>
>> Both your suggestions have been seen before, and the answer is that
>> OpenSSH already exports the needed information through syslog, and
>> that's where you (and tools) should look in order to make any
>> decisions based on failed logins.
>
> Yes, and at the risk of repeating myself: a system that monitors and
> reacts to system logs can help with *all* password guessing attacks, not
> just those that happen to target ssh.
>
> -d
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
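Added example, not part of the thread and not OpenSSH code: a minimal sketch of the syslog-side monitoring the replies point to, counting failed logins per source address across every service that logs them rather than sshd alone. The log lines are constructed samples using documentation address ranges; the function names and the threshold of 4 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (documentation IP ranges), not from the thread.
SAMPLE_LOG = """\
Sep 30 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40112 ssh2
Sep 30 10:00:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Sep 30 10:00:04 host vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=bob rhost=203.0.113.5
Sep 30 10:00:09 host dovecot: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=alice rhost=198.51.100.7 user=alice
Sep 30 10:00:12 host sshd[1207]: Accepted publickey for carol from 192.0.2.10 port 51000 ssh2
Sep 30 10:00:15 host sshd[1209]: Failed password for root from 203.0.113.5 port 40120 ssh2
"""

PATTERNS = [
    # sshd's own failed-password message
    re.compile(r"(?P<svc>sshd)\[\d+\]: Failed password for "
               r"(?:invalid user )?\S+ from (?P<ip>\S+) port \d+"),
    # pam_unix failure, logged on behalf of any PAM-using service
    re.compile(r"pam_unix\((?P<svc>[\w-]+):auth\): authentication failure;"
               r".*\brhost=(?P<ip>\S+)"),
]

def failed_logins(log_text):
    """Return {source_ip: {service: failure_count}} for all matching lines."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                hits[m.group("ip")][m.group("svc")] += 1
                break  # count each line once
    return {ip: dict(svcs) for ip, svcs in hits.items()}

def offenders(log_text, threshold=4):
    """Source addresses whose failures, summed across services, reach threshold."""
    return sorted(ip for ip, svcs in failed_logins(log_text).items()
                  if sum(svcs.values()) >= threshold)

if __name__ == "__main__":
    for ip, svcs in failed_logins(SAMPLE_LOG).items():
        print(ip, svcs)
    print("over threshold:", offenders(SAMPLE_LOG))
```

In the sample, 203.0.113.5 has three sshd failures and one FTP failure, so it crosses the threshold only because failures are summed across services.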



