Automated attack reporting tool

Post by bobthebob1234 » Fri Nov 26, 2010 1:31 pm

Anybody know of one?

I have logwatch installed on two servers with ssh running on port 22 (I need to run on port 22 cos the uni blocks other ports and won't unblock other ports unless it is for an academic reason).

I get stuff like this every day from the servers.
Code:
 Didn't receive an ident from these IPs: 1 Time(s) ( 1 Time(s) ( 1 Time(s) 1 Time(s)

 Failed logins from: ( 6 times
      root/password: 6 times ( 3 times
      root/password: 3 times 5 times
      root/password: 5 times ( 1 time
      root/password: 1 time

 Illegal users from: 1 time
      oracle: 1 time 3 times
      ant: 1 time
      office: 1 time
      pc: 1 time 1 time
      ant: 1 time

So does anyone know of an automated tool to look up info about the IP address and send an email reporting the attack to the valid email for the IP address? I'm currently doing it by hand.

Or is it not worth bothering?

Also, is there a blacklist I should be reporting these IP addresses to?

For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was