Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Modify Remote Login server to block scripted attacks' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Modify Remote Login server to block scripted attacks
Authored by: max_zorn on Feb 11, '05 08:10:41AM
Naive question: Where is the system log?

Cheers, Max

[ Reply to This | # ]

Modify Remote Login server to block scripted attacks
Authored by: remolinero on Feb 11, '05 08:20:44AM

I suffer the same problem a time ago... So i have forwarded the SSH port to a very-not-standard port at my firewall (say 51422). I think it is possible to do this in the Mac, too.
This make almost impossible a login from a client that doesn't know the port used and reduced, in my case, the attempts of illegal login to 0.



[ Reply to This | # ]
Modify Remote Login server to block scripted attacks
Authored by: thiophene on Feb 11, '05 09:17:46AM

try /var/log/system.log



[ Reply to This | # ]
Modify Remote Login server to block scripted attacks
Authored by: robg on Feb 11, '05 10:28:58AM
Launch Console, then click on Logs in the Toolbar, then click system.log.

You can then use the filter field (top right of toolbar) to find the sshd-related activity; just type sshd into it, and you'll see only the Remote Login-related activity.

You could filter even more directly by looking for either Illegal user or Failed password. That's what I wound up doing.

-rob.

[ Reply to This | # ]
Modify Remote Login server to block scripted attacks
Authored by: max_zorn on Feb 11, '05 11:32:03AM

Hello Rob and thiophene,

thanks a bunch!

Cheers,

Max



[ Reply to This | # ]