Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Increase in SSH scans

From: Paulo.Sedrez () weavers com br
Date: Wed, 02 Oct 2002 04:08:11 -0300 (BRT)

On 30-Sep-2002 Keith T. Morgan wrote:

# grep 'Sep\ 2[2-9]' /var/log/messages | grep 'DPT=22' | wc


Please, try something like:

# grep 'Sep 2[2-9]' /var/log/messages | grep 'PROTO=TCP .* DPT=22 ' | wc -l

This will avoid mixing UDP port 22 or ports 22* with TCP port 22.

-----
Paulo F. Sedrez
Diretor de Tecnologia
Weavers Network Consulting      Tel/Fax: +55-21-2239-3190
http://www.weavers.com.br       Paulo.Sedrez () weavers com br
--------------------------
Thought of the day:

"Pascal is Pascal is Pascal is dog meat."
                -- M. Devine and P. Larson, Computer Science 340


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: