Blacklisting IPs

daniel quinn freebsd at danielquinn.org
Mon Jan 10 13:31:21 PST 2005


On January 10, 2005 01:20 am, artware wrote:
> My 5.3R system has only been up a little over a week, and I've already
> had a few break-in attempts -- they show up as Illegal user tests in
> the /var/log/auth.log... It looks like they're trying common login
> names (probably with the login name used as passwd). It takes them
> hours to try a dozen names, but I'd rather not have any traffic from
> these folks. Is there any way to blacklist IPs at the system level, or
> do I have to hack something together for each daemon?

i have three suggestions for this:

 1) edit sshd_config to set PermitRootLogin to "no".  since root is the only 
user on your system that obviously exists elsewhere, this is a nice start

 2) set up sshd to allow connections with keys only.  then go buy yourself a 
usb key and keep your private key on there when you connect.

 3) use a port-knocking daemon:
    http://www.portknocking.org/
    http://www.zeroflux.org/knock/

-- 
those who say it cannot be done
should not interrupt the person doing it
  - unknown
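
Suggestions 1 and 2 above can be checked against an existing sshd_config. The script below is an added example, not part of the original post. It assumes that "keys only" means password and challenge-response logins are both switched off, and the two sample configs in it are constructed.

```python
# Added example: audit sshd_config text against suggestions 1 and 2 of the post.
# Assumption: "keys only" = PasswordAuthentication and
# ChallengeResponseAuthentication are both "no".
WANTED = {
    "permitrootlogin": "no",                  # suggestion 1
    "pubkeyauthentication": "yes",            # suggestion 2: keys allowed
    "passwordauthentication": "no",           # suggestion 2: no passwords
    "challengeresponseauthentication": "no",  # suggestion 2: no prompted logins
}

def effective_settings(text):
    """Return {keyword: value}; the first occurrence of a keyword wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        # tolerate an "=" between keyword and value as well as whitespace
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        seen.setdefault(key, parts[1].split()[0].strip('"'))
    return seen

def audit(text):
    """Return (keyword, found, wanted) for every directive that differs."""
    seen = effective_settings(text)
    findings = []
    for key, wanted in WANTED.items():
        found = seen.get(key)  # None: not set, so the build's default applies
        if found is None or found.lower() != wanted:
            findings.append((key, found, wanted))
    return findings

# Constructed samples. In WEAK the later "permitrootlogin no" is ignored
# because the earlier "PermitRootLogin yes" was read first.
WEAK = """Port 22
PermitRootLogin yes
#PasswordAuthentication no
permitrootlogin no
ChallengeResponseAuthentication yes
"""
HARDENED = """PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    for key, found, wanted in audit(WEAK):
        print(f"{key}: found {found!r}, want {wanted!r}")
```

A directive reported with found None is not set in the file at all. Setting it explicitly removes any dependence on the installed version's default.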


More information about the freebsd-questions mailing list