Party

soralx at cydem.org soralx at cydem.org
Wed Sep 27 19:26:49 PDT 2006


> garbage, in my inbox.  It seems after every ssh-bruteforce wave, 
> there's a spike in spam distribution.  So the problem just keeps 
> showing up.  To me, it seems like there's hordes of vandals running 
> about torching the town, and generally causing havoc.   I guess I just 

What can be done to keep the logs neat (i.e., free from the ssh-bruteforce
garbage) is this: for a given number of login failures (e.g., 8), add an
ipfw rule that blocks all traffic from the offending IP#. Of course, this
has got to be automatized (script?). I used to add the rules manually, as
an experiment, and I found that attacks from one IP# do repeat, though
very seldom (the period may be as long as a few months). The rule list
will grow without bounds :( I figure, this reduces the amount of received
spam slightly too.
Yes, not a novel idea (to phrase it softly); yet, I actually tested it,
found that there's net gain from doing that (as small as it may be),
and no noticeable bad consequences.

[SorAlx]  ridin' VN1500-B2
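
A sketch of the automation described in the message above, added here as an example and not part of the original post: it counts sshd "Failed password" entries per source address and prints an ipfw deny rule once an address reaches the threshold of 8. The log format, the allowlisted admin address and all sample addresses are assumptions; the log lines are constructed.

```sh
#!/bin/sh
THRESHOLD=8          # failures before blocking (the message's example value)
ALLOW="192.0.2.10"   # hypothetical admin address that must never be blocked

# Print each source address once it reaches THRESHOLD failed logins.
# The address is read by position from the END of the line, because the
# username is chosen by the client and can contain " from 1.2.3.4 " itself.
offenders() {
    awk -v max="$THRESHOLD" -v allow="$ALLOW" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || ip == allow) next
            if (++fails[ip] == max) print ip
        }'
}

# Turn offending addresses into ipfw commands (printed, not executed).
block_rules() {
    offenders | while read -r ip; do
        echo "ipfw add deny ip from $ip to any"
    done
}

# Constructed sample log (documentation addresses, made-up host and PIDs).
sample_log() {
    p="Sep 27 19:00:00 host sshd[1000]: Failed password for"
    i=0
    while [ "$i" -lt 8 ]; do
        echo "$p root from 203.0.113.5 port 4000$i ssh2"
        # forged username naming 198.51.100.7; the real source is 203.0.113.9
        echo "$p invalid user x from 198.51.100.7 port 1 ssh2 from 203.0.113.9 port 5000$i ssh2"
        echo "$p root from 192.0.2.10 port 6000$i ssh2"
        i=$((i + 1))
    done
    echo "$p invalid user test from 198.51.100.20 port 7000 ssh2"
}

sample_log | block_rules
```

The functions only print the commands, so the rule list can be reviewed before anything is applied.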

