Tar pitting automated attacks

JJB Barbish3 at adelphia.net
Wed Sep 8 08:47:36 PDT 2004

If you have no need for remote users to ssh into your system them
remove the ssh enable statement from rc.conf. If you do need ssh
then change its default port to some thing else and have all
authorized remote ssh users add the new port number to the remote
ssh login command. This will stop all your bad ssh login attempts.
Then you can have your ipfilter firewall log all the ssh attempts to
the ssh default port number and then run the log through this abuse
reporting application.
This application has been made into a FreeBSD port but it has not
been officially accepted yet.

This is my passive-aggressive solution to putting a stop to port

More information about the freebsd-questions mailing list