Date: Thu, 16 Dec 2004 20:13:51 +1100 From: Peter Jeremy <PeterJeremy@optushome.com.au> To: John Von Essen <john@essenz.com> Cc: hackers@freebsd.org Subject: Re: brute3.tar.gz Message-ID: <20041216091351.GD91817@cirb503493.alcatel.com.au> In-Reply-To: <20041215184645.B79679@beck.quonix.net> References: <20041215184645.B79679@beck.quonix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 2004-Dec-15 18:55:20 -0500, John Von Essen wrote: >Whatever this thing is, its tricky. It only runs a few times a day, so it >is tough to find the culprit source with ethereal unless I run ethereal >all day. In packet capture mode. Depending on how much disk space you have spare on your firewall and how much ssh traffic you get normally, running "tcpdump -w ... port 22" for a day or so may be feasible. You can add the target boxes address to the filter and you won't get anything except the culprit address. (Of course, permanently running tcpdump may or may not be practical for other reasons). -- Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041216091351.GD91817>