[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: h4x0rs

Joakim Aronius dixit:

>Yep, you are right. I checked my script for doing the sshblock and i
>use a regexp to get the ip. The attacker could of course enter an ip
>address as a user name which i didn't think of before. Proves again
>that one can never be too paranoid.. :) /jkm

(Please wrap your lines correctly.)

tg_(_at_)_odem:/home/tg $ x='Dec  1 06:30:18 odem sshd[4420]: Accepted password \
for tg from 2001:6f8:1315:caffe:feed:5150:cafe:babe port 17217 ssh2'
tg_(_at_)_odem:/home/tg $ x=${x%@(port )+([0-9])@( )+([0-9a-z])}     
tg_(_at_)_odem:/home/tg $ print ${x##*from@( )}                  

ksh > cut > regexps > perl ;-)
(Sorry Marc, no offense. All IMHO.)