Tar pitting automated attacks

JJB Barbish3 at adelphia.net
Wed Sep 8 08:47:36 PDT 2004


If you have no need for remote users to ssh into your system then
remove the ssh enable statement from rc.conf. If you do need ssh
then change its default port to something else and have all
authorized remote ssh users add the new port number to the remote
ssh login command. This will stop all your bad ssh login attempts.
Then you can have your ipfilter firewall log all the ssh attempts to
the ssh default port number and then run the log through this abuse
reporting application.
http://freebsd.a1poweruser.com:6088/99.20-abuse_rpts_download.htm
This application has been made into a FreeBSD port but it has not
been officially accepted yet.


This is my passive-aggressive solution to putting a stop to port
scanning.
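
The log-review step described in the message above, as an added example that is not part of the original post and is not the abuse reporting application it links to. It assumes the ipfilter rule blocks and logs inbound TCP to port 22 and that ipmon writes to syslog in its usual layout; the log lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the usual ipmon syslog layout (assumption: compare with your own log).
SAMPLE_LOG = """\
Sep  8 08:40:01 gw ipmon[82]: 08:40:00.112233 fxp0 @0:4 b 192.0.2.10,4021 -> 198.51.100.5,22 PR tcp len 20 60 -S IN
Sep  8 08:40:03 gw ipmon[82]: 08:40:02.552211 fxp0 @0:4 b 192.0.2.10,4022 -> 198.51.100.5,22 PR tcp len 20 60 -S IN
Sep  8 08:41:10 gw ipmon[82]: 08:41:09.000101 fxp0 @0:4 b 203.0.113.77,51515 -> 198.51.100.5,22 PR tcp len 20 48 -S IN
Sep  8 08:41:12 gw ipmon[82]: 08:41:11.900000 fxp0 @0:7 b 203.0.113.77,51516 -> 198.51.100.5,80 PR tcp len 20 48 -S IN
Sep  8 08:42:00 gw ipmon[82]: 08:42:00.000000 fxp0 @0:2 p 198.51.100.5,2222 -> 192.0.2.200,40000 PR tcp len 20 60 -SA OUT
garbage line that should be skipped
"""

# syslog stamp, host, ipmon tag, packet time, interface, rule, action, src,port -> dst,port
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s[\d:]{8})\s\S+\sipmon\[\d+\]:\s\S+\s"
    r"(?P<iface>\S+)\s@\d+:\d+\s(?P<action>\S)\s"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s->\s(?P<dst>[\d.]+),(?P<dport>\d+)\s"
    r"PR\s(?P<proto>\w+)\s.*\s(?P<dir>IN|OUT)\s*$"
)

def ssh_probes(log_text, port=22):
    """Return {source_ip: [syslog timestamps]} for blocked inbound TCP to `port`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an ipmon packet line, or a layout this regex does not cover
        if (m["dir"] == "IN" and m["action"] == "b" and m["proto"] == "tcp"
                and int(m["dport"]) == port):
            hits[m["src"]].append(m["stamp"])
    return dict(hits)

def report(hits):
    """One line per source, busiest first: address, attempt count, first and last seen."""
    rows = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [f"{ip} {len(ts)} first={ts[0]} last={ts[-1]}" for ip, ts in rows]

if __name__ == "__main__":
    print("\n".join(report(ssh_probes(SAMPLE_LOG))))
```

Because authorized users connect on the new port, every source listed here reached the default port without being told to, which is what makes the per-source counts usable as input to an abuse report.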








