connections from dialup IP's

Bill Moran wmoran at
Tue Sep 28 09:48:04 PDT 2004

"dave" <dmehler26 at> wrote:

> Hello,
>     Last evening i had a pretty determined dialup user try to ssh in to my
> system as root, the logs showed he tried for over 15 minutes. What i'd like
> to know is is there a way of dropping a connection from an IP if it connects
> more than x times in a minute? Or any other suggestions of dealing with
> this? I did a host lookup on the IP,
> which came back not found which kind of tells me he got offline. Suggestions
> welcome.
>     Also i'm not familiar with the .kr domain i'd like to block connections
> from that one as well, same reason this one 4 minutes

A whois lookup will tell you what IPs belong to a particular domain.
You can then use the technique of your choice to block them, whether
it be packet filter or host.allow-like functionality.

I usually just add an ipfw rule, myself, but you've got lots of

Bill Moran
Potential Technologies

More information about the freebsd-questions mailing list