September 2008
Andrew Pollock


Thursday, 04 September 2008

Sudden fit of coding

I saw that the inimitable Steve Kemp has cranked out an RBL for hosts that do brute force SSH attacks within seconds of thinking about doing it.

As I have a passing interest in such things, and discovered that his sample submission client is really more geared towards people using iptables with the LOG target (and I use the ULOG target), I cranked out this moderately flexible Python client for logs written by ulogd this evening.

If you use Netfilter rules like mine, you can use my script after /var/log/ulog/syslogemu.log gets rotated with:

$ ./report_iptables_ulog.py --log /var/log/ulog/syslogemu.log.1 --prefix SSH_brute_force
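The log-scanning step such a client needs, as an added example (this is not the report_iptables_ulog.py script mentioned above, and it stops short of submitting anything because the RBL's interface is not described here): it picks out entries carrying a given Netfilter log prefix and counts hits per source address. The log layout, the `offenders` function, its `trusted` and `min_hits` parameters and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the syslog-style layout assumed for syslogemu.log:
# "<timestamp> <host> <prefix> IN=... SRC=... DPT=..." (RFC 5737 addresses).
SAMPLE_LOG = """\
Sep  4 22:10:01 gw SSH_brute_force IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22
Sep  4 22:10:03 gw SSH_brute_force IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51240 DPT=22
Sep  4 22:11:40 gw SSH_brute_force IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40022 DPT=22
Sep  4 22:12:09 gw HTTP_flood IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=40100 DPT=80
Sep  4 22:13:15 gw SSH_brute_force IN=eth0 OUT= SRC=192.0.2.44 DST=192.0.2.10 PROTO=TCP SPT=50000 DPT=22
Sep  4 22:14:02 gw SSH_brute_force IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.10 PROTO=TCP SPT=1 DPT=22
"""

# KEY=value pairs as written by the packet logger; the value may be empty (OUT=).
FIELD_RE = re.compile(r"(?<!\S)([A-Z]+)=(\S*)")


def offenders(lines, prefix, trusted=(), min_hits=1):
    """Return {source_ip: hits} for log lines tagged with exactly `prefix`.

    `trusted` lists networks that must never be reported (your own ranges).
    """
    # Match the whole prefix token, so "SSH_brute" does not match "SSH_brute_force".
    tag = re.compile(r"(?<!\S)" + re.escape(prefix) + r"\s*IN=")
    nets = [ipaddress.ip_network(n) for n in trusted]
    hits = Counter()
    for line in lines:
        if not tag.search(line):
            continue
        fields = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # missing or malformed SRC: skip rather than report junk
        if src.is_loopback or any(src in n for n in nets):
            continue
        hits[str(src)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    found = offenders(SAMPLE_LOG.splitlines(), "SSH_brute_force",
                      trusted=["192.0.2.0/24"], min_hits=2)
    for ip, count in sorted(found.items()):
        print(ip, count)
```

Validating `SRC` and excluding your own networks before anything is reported keeps a malformed log line or an internal host from ending up on a shared blocklist.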

[23:18] [tech/security]

One year later

It's hard to believe, but it's a year ago today since the worst day of my life.

In so many ways, it feels like so much longer, yet the memories still haunt me.

[07:57] [life]