Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Leo L. Schwab
ewhac at best.com
Tue Nov 14 09:21:03 UTC 2006
On Mon, Nov 13, 2006 at 09:16:35PM +0100, Erik Norgaard wrote:
> Honestly, I wouldn't worry about it: review your config and make some
> simple choices to reduce the noise, see this article:
>
> http://www.securityfocus.com/infocus/1876
>
But I rather thought that was the point of 'bruteblock' -- it
reduces the noise by blackholing the offending IPs for an hour or so. This
blackholing doesn't appear to be happening, and I don't understand why.
Could it be a permission problem -- syslog doesn't have permission
to change the firewall rules?
Schwab
More information about the freebsd-questions
mailing list