blacklisting failed ssh attempts
Josh Paetzel
josh at tcbug.org
Wed Dec 1 10:06:22 PST 2004
On Wednesday 01 December 2004 17:41, you wrote:
> This morning I noticed that an attacker spent over a full hour
> trying to brute-force accounts and passwords via ssh on one of our
> machines. These kinds of attacks are becoming more frequent.
>
> I was wondering: does anyone know of a way to blacklist a certain
> IP (ideally, just for a certain time period) after a certain number
> of failed login attempts via ssh? I could change the port that sshd
> listens on, but I'd rather find a better solution, one that isn't
> just another layer of obscurity.
>
> Thanks!
This may or may not help you, but I generally firewall ssh so that
only known addresses can get in. (whitelisting as opposed to
blacklisting)
--
Thanks,
Josh Paetzel
More information about the freebsd-questions
mailing list