Tar pitting automated attacks
John Mills
johnmills at speakeasy.net
Wed Sep 8 05:32:22 PDT 2004
Ahh -
Exactly the scenario here, except the names were different (but similar)
and the source IP was: 64.124.210.23
Thanks.
On Wed, 8 Sep 2004, Jonathan Chen wrote:
> On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote:
> > I am seeing a lot of automated attacks lately against sshd such as:
> >
> [...]
> > Sep 6 12:16:39 www sshd[29901]: Failed password for illegal user
server from 159.134.244.189 port 4044 ssh2
> > Sep 6 12:16:41 www sshd[29902]: Failed password for illegal user
adam from 159.134.244.189 port 4072 ssh2
... etc
> > Is there a method to make this more expensive to the attacker, such as
> > tar-pitting?
> Put in a ipfw block on the netblock/country. At the very least it will
> make it pretty slow for the initial TCP handshake.
- John Mills
john.m.mills at alum.mit.edu
More information about the freebsd-questions
mailing list