High levels of breakin attempts

Erik Norgaard norgaard at locolomo.org
Tue Jan 11 00:12:35 PST 2005


Gene wrote:
> Over the past few months there have been a remarkably high level  of 
> brute force attacks logged by sshd. I was wondering, is there a way that 
> sshd (or some other package) can monitor login attempts and if more than 
> say 5 or 6 attempts are made to login from a particular ip address, 
> temporarily block that address (perhaps at the firewall)? It'd be real 
> satisfying to just dump the attackers' packets to the bit bucket and 
> slow 'em down a bit.

Sorry, but this topic was discussed just before you posted - see 
"Blacklisting IPs" and it is regularly discussed on various lists.
Everyone asks that same question, and everyone propose the same 
solutions, could this be added to the faq?

Cheers, Erik
-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2


More information about the freebsd-questions mailing list