How to Stop Bruit Force ssh Attempts?
Kris Anderson
ciscoaix at yahoo.com
Sat Mar 18 22:38:00 UTC 2006
--- Chris Maness <chris at chrismaness.com> wrote:
> In my auth log I see alot of bruit force attempts to
> login via ssh. Is
> there a way I can have the box automatically kill
> any tcp/ip
> connectivity to hosts that try and fail a given
> number of times? Is
> there a port or something that I can install to give
> this kind of
> protection. I'm still kind of a FreeBSD newbie.
>
> Thanks,
> Chris Maness
Hey there,
A couple of things you could try. I believe there is a
port that watches log files, utilizing that you could
create a script to add the IP to your firewall rules
then after a time remove it.
The other way is to use snort_inline and see how that
works.
Hope that helps.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the freebsd-questions
mailing list