[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-unix-dev
Subject:    Re: idea against hacks - help to IDS of a new generation
From:       Kaleta Stanley <openssh-unix-dev () kaleta ! sk>
Date:       2005-09-30 19:52:10
Message-ID: Pine.LNX.4.61.0509302147410.26511 () kaleta ! sk
[Download RAW message or body]


Hello,

thank you for your answers ;)

sshd is not only one source for intrussion detection for sure ;)

i'll conciliate with syslog ;)

br
Stanley

On Fri, 30 Sep 2005, Damien Miller wrote:

> On Thu, 29 Sep 2005, Peter Stuge wrote:
>
>> On Thu, Sep 29, 2005 at 10:22:03PM +0200, Kaleta Stanley wrote:
>>> what about to add "optional action" as parameter of sshd
>>> (could be used for IDS' )
>>> in case of intrussion detection (anyway logged to syslog)
>>
>> Both your suggestions have been seen before, and the answer is that
>> OpenSSH already exports the needed information through syslog, and
>> that's where you (and tools) should look in order to make any
>> decisions based on failed logins.
>
> Yes, and at the risk of repeating myself: a system that monitors and
> reacts to system logs can help with *all* password guessing attacks, not
> just those that happen to target ssh.
>
> -d
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]