<br><font size=2 face="sans-serif">Best Regards,<br>
<br>
Mark L. Potter<br>
Systems Engineer<br>
Academy Sports & Outdoors<br>
1800 N. Mason Rd<br>
Katy, Texas 77449<br>
Office: 281-646-5857<br>
Cell: 281-734-6965<br>
</font>
<br>
<br><tt><font size=2>nagios-users-bounces@lists.sourceforge.net wrote on
03/05/2008 04:04:16 PM:<br>
<br>
> -----BEGIN PGP SIGNED MESSAGE-----<br>
> Hash: SHA1<br>
> <br>
> Matthew Macdonald-Wallace wrote:<br>
> | Hi All,<br>
> |<br>
> | Before I start coding my own plugin to do this, does anyone know
of a<br>
> | plugin that monitors the number of external connection attempts
over a<br>
> | given period of time for a given service and sends alerts accordingly?<br>
> |<br>
> | I've noticed on a number of servers that we maintain recently that<br>
> | there are unauthorised attempts to connect via SSH/FTP. These
appear<br>
> | in the log files about 2 seconds apart and are obviously automated.<br>
> <br>
> They are in fact rooted machines running a bot doing the work. these
are<br>
> around for years and apparantly people still think that they can put
up<br>
> unpatched servers on the internet.<br>
> <br>
> But unless you will report the server to th owner of the network or<br>
> anything like that I think it will be just adrain of resources without<br>
> any benefit.<br>
> <br>
> Hugo.<br>
> <br>
As much as reporting them sounds nice I find only about one in ten reports
ever has any response and only about one on five of those has anything
done about it. I use a combination of scripts to simply null route the
bastards and be done with them.<br>
</font></tt>