[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
- Subject: Re: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
- From: Gerald Waugh <gerald@xxxxxxxxx>
- Date: Wed, 26 Dec 2001 01:48:22 -0500
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Tuesday 25 December 2001 08:25 pm, you wrote:
> Can anyone tell me how to stop this idiot from scanning the servers, have
> changed the port of ssh a while back so I'm not fussed about the port 22
> scan and portsentry and IP Chains are doing their thing. But this is
> happening nearly every day now, has anyone else seen scans from this
> source...
>
> Portsentry had an alert to ns.xxxxxxxxxxxxxxx.com from the following IP
> address and port:
> 211.174.38.152 22 < ------ This IP Changes all the time
> Service:
> ssh 22/tcp SSH Remote Login Protocol
> ssh 22/udp SSH Remote Login Protocol
> # Si Becker <71362.22@xxxxxxxxxxxxxx> <------- This is
> constant as is the ports being scanned
>
You might deny the IP in ipchains. You could just deny for ssh or deny him
everything.
Gerald