idea against hacks - help to IDS of a new generation

Damien Miller djm at mindrot.org
Fri Sep 30 13:14:06 EST 2005


On Thu, 29 Sep 2005, Peter Stuge wrote:

> On Thu, Sep 29, 2005 at 10:22:03PM +0200, Kaleta Stanley wrote:
>> what about to add "optional action" as parameter of sshd
>> (could be used for IDS' )
>> in case of intrussion detection (anyway logged to syslog)
>
> Both your suggestions have been seen before, and the answer is that
> OpenSSH already exports the needed information through syslog, and
> that's where you (and tools) should look in order to make any
> decisions based on failed logins.

Yes, and at the risk of repeating myself: a system that monitors and 
reacts to system logs can help with *all* password guessing attacks, not 
just those that happen to target ssh.

-d




More information about the openssh-unix-dev mailing list