connections from dialup IP's

R. W. list-freebsd-2004 at morbius.sent.com
Tue Sep 28 10:13:18 PDT 2004


On Tuesday 28 September 2004 17:43, dave wrote:
> Hello,
>     Last evening I had a pretty determined dialup user try to ssh in
> to my system as root, the logs showed he tried for over 15 minutes.
> What I'd like to know is, is there a way of dropping a connection from
> an IP if it connects more than x times in a minute? Or any other
> suggestions of dealing with this? I did a host lookup on the IP,
> 211.206.125.39
> which came back not found which kind of tells me he got offline.
> Suggestions welcome.
>     Also I'm not familiar with the .kr domain, I'd like to block
> connections from that one as well, same reason this one 4 minutes
> 165.132.58.56 Thanks.

One thing I think you should do is edit sshd_config to disallow direct
root logins, I thought that was the default. You can still su to root,
unless you disallow the wheel group. I have it set up so users have to
be in a dedicated ssh-users group.

I think you can force sshd to use login, which gives you some back-off
options (see man login.conf).

Another thing is to configure your firewall to allow ssh only from
specified hosts or IP ranges. Take a look at the ipfw articles here:
http://www.onlamp.com/topics/bsd/firewalls 
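
The two sshd_config suggestions in the reply above (no direct root login, logins limited to a dedicated group) can be checked mechanically. The following is an added example, not part of the original message: the sample configs are constructed, the function names are hypothetical, and it assumes `PermitRootLogin` and `AllowGroups` are the directives used, with `ssh-users` as the group name from the reply.

```python
# Constructed sample configs (not from the post). "ssh-users" is the
# reply's group name; everything else is illustrative.
WEAK = """\
# sshd_config
Port 22
PermitRootLogin yes
"""
HARDENED = """\
permitrootlogin no
AllowGroups ssh-users
# a later duplicate is ignored: sshd keeps the first value it reads
PermitRootLogin yes
"""

def global_settings(text):
    """Map lower-cased keyword -> argument list for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()          # keywords are case-insensitive
        if keyword == "match":             # conditional blocks are not audited
            break
        if keyword == "allowgroups":       # assumed cumulative across lines
            settings.setdefault(keyword, []).extend(args)
        else:
            settings.setdefault(keyword, args)   # first value wins
    return settings

def audit(text, group="ssh-users"):
    """Return a list of findings; an empty list means both checks pass."""
    s = global_settings(text)
    findings = []
    root = s.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set: result depends on the build default")
    elif root[:1] != ["no"]:
        findings.append("PermitRootLogin is %r: direct root login not fully disabled"
                        % " ".join(root))
    groups = s.get("allowgroups")
    if not groups:
        findings.append("no AllowGroups: SSH logins are not limited to a group")
    elif group not in groups:
        findings.append("AllowGroups does not list %r" % group)
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

The group comparison is an exact string match, so a pattern entry in `AllowGroups` would need manual review.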