Monitoring a TARPIT
curby.public at gmail.com
Fri Aug 26 23:56:00 CEST 2005
On 8/25/05, Gottmar Krakéliusz <ulan.bator at hotmail.com> wrote:
> I use the TARPIT target to delay those brute force attacks on my SSH port.
> Now I wonder if there is a way of getting some statistics on how many, which
> IP:s and for how long they are caught.
> AFAIK, I can't get ALL this by simply logging?
If you put your logging rule right before the TARPIT rule, it should
log everything that would get to TARPIT. This will show you IPs that
get TARPIT-ed, and with some log analysis you could also find when,
how many, etc.
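
An added example (not part of the original post) of the log analysis suggested above: it summarises, per source IP, how many connections and packets reached the TARPIT rule and how long the longest one kept sending. It assumes the LOG rule sets the prefix "TARPIT: ", that the log uses classic syslog timestamps without a year, and that one (SRC, SPT) pair is one held connection.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed setup: a "-j LOG --log-prefix 'TARPIT: '" rule placed immediately
# before the "-j TARPIT" rule. The prefix string is an assumption.
# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
Aug 26 23:10:01 gw kernel: TARPIT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 26 23:10:01 gw kernel: TARPIT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TTL=52 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
Aug 26 23:11:30 gw kernel: TARPIT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=48 PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 26 23:11:45 gw kernel: TARPIT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=52 TTL=48 PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
Aug 26 23:12:00 gw kernel: TARPIT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 26 23:13:00 gw sshd[411]: Server listening on 0.0.0.0 port 22.
Aug 26 23:14:41 gw kernel: TARPIT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TTL=52 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
"""

def tarpit_stats(log_text, year=2005, prefix="TARPIT: "):
    """Summarise LOG lines carrying `prefix`, keyed by source IP."""
    line_re = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*" + re.escape(prefix) +
                         r".*\bSRC=(\S+) .*\bSPT=(\d+) .*\bRES=\S+ (.*)URGP=")
    flows = {}  # (src, sport) -> (first_seen, last_seen)
    stats = defaultdict(lambda: {"packets": 0, "connections": 0})
    for line in log_text.splitlines():
        m = line_re.search(line)
        if not m:
            continue  # not a line produced by the LOG rule
        # Syslog omits the year, so it is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src, sport, flags = m.group(2), m.group(3), m.group(4).split()
        stats[src]["packets"] += 1
        if "SYN" in flags and "ACK" not in flags:
            stats[src]["connections"] += 1  # a new connection attempt
        first, _ = flows.get((src, sport), (ts, ts))
        flows[(src, sport)] = (first, ts)
    for (src, _), (first, last) in flows.items():
        s = stats[src]
        s["first_seen"] = min(s.get("first_seen", first), first)
        s["last_seen"] = max(s.get("last_seen", last), last)
        held = int((last - first).total_seconds())
        s["longest_hold_s"] = max(s.get("longest_hold_s", 0), held)
    return dict(stats)

if __name__ == "__main__":
    for ip, s in sorted(tarpit_stats(SAMPLE_LOG).items()):
        print(ip, s["connections"], s["packets"], s["longest_hold_s"], s["first_seen"])
```

The hold time is only what the log can show: the span between the first and last logged packet of a connection, so a client that goes silent while still stuck is under-counted.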