Displaying 1 result from an estimated 1 matches for "mkongwe".
2011 Apr 04
6
sshd: Authentication Failures: 137 Time(s)
...m recent
--update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set
--name SSH --rsource
And this is part of logwatch:
sshd:
Authentication Failures:
unknown (www.telkom.co.ke): 137 Time(s)
unknown (mkongwe.jambo.co.ke): 130 Time(s)
unknown (212.49.70.24): 107 Time(s)
root (195.191.250.101): 8 Time(s)
How is it possible for an attacker to try to logon more then 4 times?
Can the attacker do this with only one TCP/IP connection without
establishing a new one?
Or have the scripts been a...