connections from dialup IP's

R. W. list-freebsd-2004 at
Tue Sep 28 10:13:18 PDT 2004

On Tuesday 28 September 2004 17:43, dave wrote:
> Hello,
>     Last evening i had a pretty determined dialup user try to ssh in
> to my system as root, the logs showed he tried for over 15 minutes.
> What i'd like to know is is there a way of dropping a connection from
> an IP if it connects more than x times in a minute? Or any other
> suggestions of dealing with this? I did a host lookup on the IP,
> which came back not found which kind of tells me he got offline.
> Suggestions welcome.
>     Also i'm not familiar with the .kr domain i'd like to block
> connections from that one as well, same reason this one 4 minutes
> Thanks.

One thing I think you should do is edit sshd_config  to disallow direct 
root logins, I thought that was the default. You can still su to root, 
unless you disallow the wheel group. I have it setup so users have to 
be in a dedicted ssh-users group.

I think you can force sshd to use login, which gives you some back-off  
options (see man login.conf). 

Another thing is to configure your firewall to allow ssh only from 
specified hosts or ip ranges. Take a look at the ipfw articles here: 

More information about the freebsd-questions mailing list