connections from dialup IP's
Bill Moran
wmoran at potentialtech.com
Tue Sep 28 09:48:04 PDT 2004
"dave" <dmehler26 at woh.rr.com> wrote:
> Hello,
> Last evening i had a pretty determined dialup user try to ssh in to my
> system as root, the logs showed he tried for over 15 minutes. What i'd like
> to know is is there a way of dropping a connection from an IP if it connects
> more than x times in a minute? Or any other suggestions of dealing with
> this? I did a host lookup on the IP, 211.206.125.39
> which came back not found which kind of tells me he got offline. Suggestions
> welcome.
> Also i'm not familiar with the .kr domain i'd like to block connections
> from that one as well, same reason this one 4 minutes 165.132.58.56
A whois lookup will tell you what IPs belong to a particular domain.
You can then use the technique of your choice to block them, whether
it be packet filter or host.allow-like functionality.
I usually just add an ipfw rule, myself, but you've got lots of
choices.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the freebsd-questions
mailing list