Cutting down on ssh breakin attempts

Josh Paetzel josh at tcbug.org
Mon Mar 14 21:28:08 PST 2005


On Monday 14 March 2005 07:04, Kyle Jensen wrote:
> Hi,
>
> I run a webmail server for a small company, which
> is (of course) running FreeBSD 5-stable.  I get about
> 50-100 failed login attempts via ssh on a daily basis.
>
> Occasionally, these show up in my daily security digest
> with messages like:
>
> reverse mapping checking getaddrinfo for h169-210-68-8.adcast.com.tw failed - POSSIBLE BREAKIN ATTEMPT!
>
> But mostly it's stuff like
>
> Illegal user postgres from 210.68.8.169
>
> What's the best way to cut down on these attempts?
> I thought about adding a blacklist to my pf.conf rules
> for the pf firewall.
>
> Any thoughts would be greatly appreciated!
> Kyle

Maybe this is an obvious question, but do you need world access to 
ssh?

-- 
Thanks,

Josh Paetzel
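
An added example, not part of either message above: a Python tally of the two sshd log formats quoted in the question, giving per-source counts that can inform either a pf block table or the decision to restrict ssh to known addresses. The syslog prefixes, the threshold and the function names are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample: syslog prefixes are assumed; the host and address are those quoted above.
SAMPLE_LOG = """\
Mar 14 03:12:01 mail sshd[4121]: Illegal user postgres from 210.68.8.169
Mar 14 03:12:04 mail sshd[4123]: Illegal user admin from 210.68.8.169
Mar 14 03:12:07 mail sshd[4125]: Illegal user test from 210.68.8.169
Mar 14 03:12:09 mail sshd[4127]: reverse mapping checking getaddrinfo for h169-210-68-8.adcast.com.tw failed - POSSIBLE BREAKIN ATTEMPT!
Mar 14 09:40:55 mail sshd[5010]: Illegal user x from 192.0.2.1 from 203.0.113.9
Mar 14 09:41:30 mail sshd[5012]: Accepted password for kyle from 192.0.2.44 port 51022 ssh2
"""

# The user name is chosen by the client, so the pattern is greedy and anchored
# at end of line: only the last "from <addr>" (written by sshd) is the source.
ILLEGAL_USER = re.compile(r"sshd\[\d+\]: Illegal user (.*) from (\S+)$")
REVERSE_MAP = re.compile(r"reverse mapping checking getaddrinfo for (\S+) failed")


def summarize(log_text):
    """Return (attempts per source, user names per source, unresolved hosts)."""
    attempts, users, unresolved = Counter(), defaultdict(set), set()
    for line in log_text.splitlines():
        m = ILLEGAL_USER.search(line)
        if m:
            user, source = m.groups()
            try:
                source = str(ipaddress.ip_address(source))
            except ValueError:
                continue  # not an address: skip rather than emit junk
            attempts[source] += 1
            users[source].add(user)
            continue
        m = REVERSE_MAP.search(line)
        if m:
            unresolved.add(m.group(1))
    return attempts, users, unresolved


def block_candidates(attempts, threshold=3, allow=()):
    """Sources at or above the threshold, minus addresses that must never be blocked."""
    return sorted(ip for ip, n in attempts.items() if n >= threshold and ip not in allow)


if __name__ == "__main__":
    attempts, users, unresolved = summarize(SAMPLE_LOG)
    for ip in block_candidates(attempts):
        print(ip, attempts[ip], sorted(users[ip]))
```

The `allow` argument is there so that an administrator's own address can never end up in the block list, whatever the log says.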

