idea against hacks - help to IDS of a new generation
Damien Miller
djm at mindrot.org
Fri Sep 30 13:14:06 EST 2005
On Thu, 29 Sep 2005, Peter Stuge wrote:
> On Thu, Sep 29, 2005 at 10:22:03PM +0200, Kaleta Stanley wrote:
>> what about to add "optional action" as parameter of sshd
>> (could be used for IDS' )
>> in case of intrussion detection (anyway logged to syslog)
>
> Both your suggestions have been seen before, and the answer is that
> OpenSSH already exports the needed information through syslog, and
> that's where you (and tools) should look in order to make any
> decisions based on failed logins.
Yes, and at the risk of repeating myself: a system that monitors and
reacts to system logs can help with *all* password guessing attacks, not
just those that happen to target ssh.
-d
More information about the openssh-unix-dev
mailing list