[TriLUG] scan question

WA Brown brownwa at ftc-i.net
Wed Mar 8 00:54:30 EST 2006


Is there anyway That I can stop someone scanning? They hit my server all the 
time for 100's of times a day. Is there anyway I can ban them for a certain 
amount of time when they put in bad logins? Ive seen that on someboards,You 
will be banned for 30 minutes if you put in a wrong login 5 times. Can I do 
this?

WA Brown


Mar  5 16:55:45 www sshd[22554]: Failed password for root from 159.169.242.6 
port 48117 ssh2
Mar  5 16:55:48 www sshd[22556]: Failed password for root from 159.169.242.6 
port 48435 ssh2
Mar  5 16:55:51 www sshd[22558]: Failed password for root from 159.169.242.6 
port 48849 ssh2
Mar  5 16:55:54 www sshd[22560]: Failed password for root from 159.169.242.6 
port 49285 ssh2
Mar  5 16:55:57 www sshd[22562]: Failed password for root from 159.169.242.6 
port 49688 ssh2
Mar  5 16:56:00 www sshd[22564]: Failed password for root from 159.169.242.6 
port 50119 ssh2
Mar  5 16:56:04 www sshd[22566]: Failed password for root from 159.169.242.6 
port 50576 ssh2
Mar  5 16:56:08 www sshd[22573]: Failed password for root from 159.169.242.6 
port 51008 ssh2
Mar  5 16:56:11 www sshd[22575]: Failed password for root from 159.169.242.6 
port 51468 ssh2
Mar  5 16:56:14 www sshd[22577]: Failed password for root from 159.169.242.6 
port 51921 ssh2
Mar  5 16:56:17 www sshd[22579]: Failed password for root from 159.169.242.6 
port 52399 ssh2
Mar  5 16:56:20 www sshd[22581]: Failed password for root from 159.169.242.6 
port 52858 ssh2
Mar  5 16:56:24 www sshd[22583]: Failed password for root from 159.169.242.6 
port 53304 ssh2
Mar  5 16:56:27 www sshd[22590]: Failed password for root from 159.169.242.6 
port 53783 ssh2
Mar  5 16:56:31 www sshd[22592]: Failed password for root from 159.169.242.6 
port 54352 ssh2
Mar  5 16:56:34 www sshd[22594]: Failed password for root from 159.169.242.6 
port 54971 ssh2
Mar  5 16:56:38 www sshd[22596]: Failed password for root from 159.169.242.6 
port 55520 ssh2
Mar  5 16:56:41 www sshd[22598]: Failed password for root from 159.169.242.6 
port 56077 ssh2
Mar  5 16:56:46 www sshd[22600]: Failed password for root from 159.169.242.6 
port 56607 ssh2
Mar  5 16:56:49 www sshd[22607]: Failed password for root from 159.169.242.6 
port 57419 ssh2
Mar  5 16:56:52 www sshd[22609]: Failed password for root from 159.169.242.6 
port 57985 ssh2
Mar  5 16:56:55 www sshd[22611]: Failed password for root from 159.169.242.6 
port 58158 ssh2
Mar  5 16:56:58 www sshd[22613]: Failed password for root from 159.169.242.6 
port 58284 ssh2
Mar  5 16:57:01 www sshd[22615]: Failed password for root from 159.169.242.6 
port 58355 ssh2
Mar  5 16:57:05 www sshd[22622]: Failed password for root from 159.169.242.6 
port 58520 ssh2
Mar  5 16:57:08 www sshd[22624]: Failed password for root from 159.169.242.6 
port 58768 ssh2
Mar  5 16:57:11 www sshd[22626]: Failed password for root from 159.169.242.6 
port 59020 ssh2
Mar  5 16:57:14 www sshd[22628]: Failed password for root from 159.169.242.6 
port 59221 ssh2
Mar  5 16:57:17 www sshd[22630]: Failed password for root from 159.169.242.6 
port 59459 ssh2
Mar  5 16:57:20 www sshd[22632]: Failed password for root from 159.169.242.6 
port 59692 ssh2
Mar  5 16:57:23 www sshd[22634]: Failed password for root from 159.169.242.6 
port 59929 ssh2
Mar  5 16:57:29 www sshd[22641]: Failed password for root from 159.169.242.6 
port 60352 ssh2
Mar  5 16:57:32 www sshd[22643]: Failed password for root from 159.169.242.6 
port 60703 ssh2
Mar  5 16:57:35 www sshd[22645]: Failed password for root from 159.169.242.6 
port 32817 ssh2
Mar  5 16:57:38 www sshd[22647]: Failed password for root from 159.169.242.6 
port 33309 ssh2
Mar  5 16:57:41 www sshd[22649]: Failed password for root from 159.169.242.6 
port 33618 ssh2





More information about the TriLUG mailing list