pyauthanalyzer
I wrote this python script in two days for ssh-random-user scans like this. It automatically detects these attacks from logs, determines if it's big enough to report and then tries to figure out an e-mail address to report the scan.
Advantages
- No need for manual log monitoring
- No need for manual abuse reports
- Database for already reported IP addresses
Disadvantages
- IPv6 not currently supported
- If this script gets popular, ISPs may get flooded with abuse mail from actions of one scanner host. Some kind of global database might solve this problem
Todo
- Utilize mktemp
- Report used timezone
- IPv6
Note that the script needs to be configured. Read the instructions and make sure that the required commands are available in your system and for the user which you are running this script
Downloads:
Name Last modified Size Description
![[DIR]](/icons/back.gif)
Parent Directory 04-Sep-2010 12:33 -
![[ ]](/icons/unknown.gif)
pyauthanalyzer.bz2 03-Jun-2005 12:07 3k
![[TXT]](/icons/text.gif)
pyauthanalyzer-source.html 03-Jun-2005 12:08 44k
ssh-example-log.txt 10-Apr-2005 20:26 77k