Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
masyukevich at spiritdsp.com
Mon Nov 13 13:16:49 UTC 2006
You just must use the utility 'DenyHosts', and all Your problems will be
DenyHosts the remarkable utility! It's protects only service ssh, and
It is easy in adjustments and very effective in work.
You can find this utility in a collection of ports.
SPIRIT DSP, www.spiritDSP.com/voip, Embedded Voice Experience
SeeStorm, www.SeeStorm.com, Synthetic Video Conferencing
TeamSpirit - Award-Winning Multi-Point Voice Conferencing Engine
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Leo L. Schwab
Sent: Monday, November 13, 2006 9:05 AM
To: freebsd-questions at freebsd.org
Subject: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
I recently installed FreeBSD 6.1 on my gateway. It replaced an
installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I
had disabled the SSH server. Since all the bugs in SSH are fixed now (
:-) ), I thought I'd leave the server on, and am somewhat dismayed to
discover that I now get occasional brute-force/dictionary attacks on the
A little Googling revealed a couple of potentially useful tools:
'sshit' and 'bruteblock', both of which notice repeated login attempts
from a given IP address and blackhole it in the firewall. I first tried
'sshit', but after a couple days, I noticed in my daily reports that I
was still getting lengthy bruteforce attempts, suggesting the 'sshit'
was not working.
So I uninstalled 'sshit' and installed 'bruteblock'. But again
a couple days later, the logs showed lengthy bruteforce attempts going
The relevant lines from my /etc/syslog.conf file are:
auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f
Any hints as to what I might be doing wrong?
freebsd-questions at freebsd.org mailing list
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions