blacklisting failed ssh attempts
Charles Ulrich
charles at idealso.com
Wed Dec 1 10:02:50 PST 2004
This morning I noticed that an attacker spent over a full hour trying to
brute-force accounts and passwords via ssh on one of our machines. These kinds
of attacks are becoming more frequent.
I was wondering: does anyone know of a way to blacklist a certain IP (ideally,
just for a certain time period) after a certain number of failed login
attempts via ssh? I could change the port that sshd listens on, but I'd rather
find a better solution, one that isn't just another layer of obscurity.
Thanks!
--
Charles Ulrich
Ideal Solution, LLC - http://www.idealso.com
More information about the freebsd-questions
mailing list