Attacks on ssh port

Mikhail Goriachev mikhailg at webanoide.org
Sun Sep 19 02:33:46 PDT 2004


Antony Mawer wrote:
> Chris Ryan wrote:
> 
>>protection - with the appropriate active firewall that
>>blocks their IP address after x failed attempts
>>permanently....
> 
> 
> Has anyone found any good scripts or utilities for automating this kind 
> of thing? I too have been subject to these probings, and my initial 
> thought was to firewall off any address after any number of incorrect 
> attempts.
> 
> While I could write a script to parse the ipfilter logs, I didn't want 
> to go re-inventing the wheel for something which I was sure someone 
> would have already attempted.
> 
> Anyone have any suggestions?
> 
> Cheers
> Antony

Is it actually a good idea to block those IPs? I get lots of attacks too 
on a daily basis on my machines for: root, man, smmsp, nobody, bin, 
daemon, tty, uucp, mailnull, you-name-it etc. For several weeks I sent 
e-mails to abuse@{$attack-coming-from-x-network}.{$domain} and 0.01% of 
them replied. However, the attacks never come from the same networks or IPs.

My 2 cents.

Cheers,
Mikhail
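
The trade-off discussed in this thread, as an added example that is not part of the original messages or of any FreeBSD tool: it counts failed sshd logins per source address, lists the sources at or above a threshold, and reports what share of the attempts such a block would have covered. The log lines are constructed samples using documentation address ranges, the function names are hypothetical, and the printed ipfilter rule is only a candidate for review.

```python
import re
from collections import Counter

# The user name is attacker-supplied and may itself contain " from <ip> port ...",
# so the greedy ".*" plus the "$" anchor take the address from the END of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample log lines, not real data.
SAMPLE_LOG = """\
Sep 19 02:10:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2
Sep 19 02:10:03 host sshd[412]: Failed password for illegal user man from 192.0.2.10 port 4022 ssh2
Sep 19 02:10:05 host sshd[413]: Failed password for illegal user smmsp from 192.0.2.10 port 4023 ssh2
Sep 19 02:11:40 host sshd[420]: Failed password for nobody from 198.51.100.7 port 5100 ssh2
Sep 19 02:12:02 host sshd[431]: Accepted publickey for alice from 203.0.113.5 port 6000 ssh2
Sep 19 02:15:17 host sshd[440]: Failed password for invalid user uucp from 203.0.113.99 port 7001 ssh2
Sep 19 02:15:19 host sshd[441]: Failed password for bin from 203.0.113.99 port 7002 ssh2
"""

def failures_by_source(log_text):
    """Count failed password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def offenders(counts, threshold):
    """Sources with at least `threshold` failures, sorted as strings."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def coverage(counts, threshold):
    """Fraction of all failed attempts that came from sources a block would hit."""
    total = sum(counts.values())
    blocked = sum(n for n in counts.values() if n >= threshold)
    return blocked / total if total else 0.0

if __name__ == "__main__":
    counts = failures_by_source(SAMPLE_LOG)
    for ip in offenders(counts, 3):
        print(f"block in quick from {ip}/32 to any")  # candidate rule, review first
    print(f"attempts covered at threshold 3: {coverage(counts, 3):.0%}")
```

A low coverage figure on real logs means most attempts come from sources that never reach the threshold, which is the situation Mikhail describes.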



More information about the freebsd-security mailing list