Tar pitting automated attacks
Chris
racerx at makeworld.com
Wed Sep 8 05:37:08 PDT 2004
John Mills wrote:
> Ahh -
>
> Exactly the scenario here, except the names were different (but similar)
> and the source IP was: 64.124.210.23
>
> Thanks.
>
> On Wed, 8 Sep 2004, Jonathan Chen wrote:
>
>
>>On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote:
>>
>>>I am seeing a lot of automated attacks lately against sshd such as:
>>>
>>
>>[...]
>
> > > Sep 6 12:16:39 www sshd[29901]: Failed password for illegal user
> server from 159.134.244.189 port 4044 ssh2
> > > Sep 6 12:16:41 www sshd[29902]: Failed password for illegal user
> adam from 159.134.244.189 port 4072 ssh2
> ... etc
>
>
>>>Is there a method to make this more expensive to the attacker, such as
>>>tar-pitting?
>
>
>>Put in a ipfw block on the netblock/country. At the very least it will
>>make it pretty slow for the initial TCP handshake.
>
>
> - John Mills
> john.m.mills at alum.mit.edu
I really wish people would stop top posting.
--
Best regards,
Chris
Flynn is dead
Tron is dead
long live the MCP.
More information about the freebsd-questions
mailing list