Attacks on ssh port
Mikhail Goriachev
mikhailg at webanoide.org
Sun Sep 19 02:33:46 PDT 2004
Antony Mawer wrote:
> Chris Ryan wrote:
>
>>protection - with the appropriate active firewall that
>>blocks their IP address after x failed attempts
>>permanently....
>
>
> Has anyone found any good scripts or utilities for automating this kind
> of thing? I too have been subject to these probings, and my initial
> thought was to firewall off any address after any number of incorrect
> attempts.
>
> While I could write a script to parse the ipfilter logs, I didn't want
> to go re-inventing the wheel for something which I was sure someone
> would have already attempted.
>
> Anyone have any suggestions?
>
> Cheers
> Antony
Is it actually good idea to block those IPs? I get lots of attacks too
on daily basis on my machines for: root, man, smmsp, nobody, bin,
daemon, tty, uucp, mailnull, you-name-it etc. For several weeks I sent
e-mails to abuse@{$attack-comming-from-x-network}.{$domain} and 0.01% of
them replied. However, the attacks never come from same networks nor IPs.
My 2 cents.
Cheers,
Mikhail
More information about the freebsd-security
mailing list