Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Show which processes are listening to which ports' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Show which processes are listening to which ports
Authored by: nvdingo on Apr 26, '07 07:54:14AM

While i haven't installed it on an OS X box yet, i have installed sshdfilter on my linux servers.
it should be possible to make it work under OS X with a little work.
Essentially, it watches the secure log for sshd login attempts. if the user name supplied doesn't exist, instant block of that ip address.
it just goes dead. the script automatically cleans those IP addresses out later at a user defined interval.
it gives you 3 attempts to get a user/password combination to login, before it blocks your IP address. That number is also configurable.
You can find sshdfilter, if you are interested in hacking it apart, on freshmeat.net
No, i am not the author, and am in no way affiliated.
i found it after one of my linux boxes was bruteforced through ssh.

the sshdfilter logs that i have emailed to myself in the morning are always amusing.
it's fun reading a couple dozen lines of 'Instant block of xx.xx.xx.xx, unknown user'
where i used to have hundreds of lines of attempts at user guessing.
oh, and anyone trying to use the root user is blocked instantly as well.



[ Reply to This | # ]