High levels of breakin attempts
Erik Norgaard
norgaard at locolomo.org
Tue Jan 11 00:12:35 PST 2005
Gene wrote:
> Over the past few months there have been a remarkably high level of
> brute force attacks logged by sshd. I was wondering, is there a way that
> sshd (or some other package) can monitor login attempts and if more than
> say 5 or 6 attempts are made to login from a particular ip address,
> temporarily block that address (perhaps at the firewall)? It'd be real
> satisfying to just dump the attackers' packets to the bit bucket and
> slow 'em down a bit.
Sorry, but this topic was discussed just before you posted - see
"Blacklisting IPs" and it is regularly discussed on various lists.
Everyone asks that same question, and everyone propose the same
solutions, could this be added to the faq?
Cheers, Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
More information about the freebsd-questions
mailing list