'blacklisting' an IP-address after several loginfailures?

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Mon Oct 11 14:58:19 PDT 2004


Joachim Dagerot <freebsd at dagerot.nu> writes:

> I'm under attack!
> 
> I have pages up and down with failed login attempts, usually they are
> trying to hack the root account (which simply can't be used to get in
> by SSH) but they are also trying to access the system with various
> usernames (bruth force).
> 
> Is it easy to load a package that simply adds a deny entry for each IP
> that has failed to login for X amounts of tries?

See the "MaxStartups" option for configuring sshd.

This is somewhat similar to what you were describing, but without the
downside of giving an attacker the ability to lock some victim out of
access to your machine.


More information about the freebsd-questions mailing list