On 8/25/05, Gottmar Krakéliusz <ulan.bator@xxxxxxxxxxx> wrote: > Hi! > I use the TARPIT target to delay those brute force attacks on my SSH port. > Now I wonder if there is a way of getting some statistics on how many, which > IP:s and for how long they are caught. > AFAIK, I cant get ALL this by simply logging? If you put your logging rule right before the TARPIT rule, it should log everything that would get to TARPIT. This will show you IPs that get TARPIT-ed, and with some log analysis you could also find when, how many, etc.
