Party

[John Baldwin]

On Wednesday 27 September 2006 22:26, soralx at cydem.org wrote:
> 
> > garbage, in my inbox.  It seems after every ssh-bruteforce wave, 
> > there's a spike in spam distribution.  So the problem just keeps 
> > showing up.  To me, it seems like there's hordes of vandals running 
> > about torching the town, and generally causing havoc.   I guess I just 
> 
> What can be done to keep the logs neat (i.e., free from the ssh-bruteforce
> garbage) is this: for a given number of login failures (e.g., 8), add an
> ipfw rule that blocks all traffic from the offending IP#. Of course, this
> has got to be automatized (script?). I used to add the rules manually, as
> an experiment, and I found that attacks from one IP# do repeat, though
> very seldom (the period may be as long as a few months). The rule list
> will grows without bounds :( I figure, this reduces the amount of recieved
> spam slightly too.
> Yes, not a novel idea (to phrase it soflty); yet, I actually tested it,
> found that there's net gain from doing that (as small as it may be),
> and no noticeable bad consequences.

ports/security/bruteblock (there's another one for pf, this one is for ipfw)

-- 
John Baldwin