I believe there's a program called sentry tools (port sentry, logcheck and host sentry) that could do the job but I think this is obsolete and the version under sourceforge is old. Does anyone know where this can be found by these days? Or there's any substitute? I want not only to monitor sshd port put also others services running... Thanks, Bruno Scott Leighton wrote:
On Sunday 11 December 2005 3:27 pm, Jaime Santos wrote:
Hi again,
If someone is using a script to probe port 22 of random machines, probably it does make sense to attach the ssh server to some other port. But your users will have to be warned that they have to explicitly name such a port when trying to login remotely. Furthermore, a nmap search for open ports can always reveal the services which are available, but this is a directed attack. Given the nuisance (such strategy is essentially security via obscurity), I think it isn't worth doing it.
Yes, the script kiddies are a nuisance. I use login_sentry to send them on their way (it adds their IP address to hosts.deny).
http://www.lumiere.net/~j/login_sentry/
Scott