Illegal access attempt - FreeBSD 5.4 Release - please advise
nawcom at nawcom.no-ip.com
Sat Aug 27 23:59:27 GMT 2005
I also get a large amount of attacks via ssh. I decided that the people
who have access to my server (only 12) know what their usernames are. My
decision was to set up a swatch script to monitor the types of errors
that are picked up in the logs:
- If the attempt was with a username that doesn't exist, I add the IP to
a db of banned IPs and flush and restart ipfw.
- If it is from a username that does exist, I give the person 5 tries;
if by the 5th try they can't get in, I add the IP to the db as stated above.
It sounds pretty harsh, but it definitely stops those idiots. I've got a
large list of IPs, and from nmapping them most are from people running
entry level Linux distros with many holes in their security setup. I
could get revenge, but not worth it.
If anyone is curious about the script let me know,
Maarten Sanders wrote:
>On Thu, 2005-08-25 at 07:22 -0400, Lee Capps wrote:
>>On 11:18 Wed 24 Aug , Chris St Denis wrote:
>>>How can I easily auto deny after x failed attempts? Is this an sshd setting?
>>>I could find it.
>>>Is there something in ports that will firewall off somebody who is brute
>>In addition to adding entries to /etc/hosts.allow you could try
>>I didn't find a port, but it works with FreeBSD and isn't too onerous to
>>freebsd-questions at freebsd.org mailing list
>>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>Nice suggestion, but how do I enable tcp_wrappers with sshd?
>See : http://denyhosts.sourceforge.net/ssh_config.html
>I tried adding
>sshd: 127.0.0.1 : deny to /etc/hosts.allow but I failed the described
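
The ban policy described in the message above (unknown username: ban at once; existing username: ban on the 5th failure), as an added Python example. It is not the poster's swatch script. The sshd log line formats, the `known_users` set and the reset of the counter on a successful login are assumptions, and the sample lines are constructed.

```python
import re

# sshd auth.log messages. Older OpenSSH logs "Illegal user", newer "Invalid user".
# The user part is greedy and each pattern is anchored at the end of the line,
# so the LAST " from " is taken as the source address; text inside a
# client-supplied username cannot be mistaken for it.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for "
                    r"((?:illegal|invalid) user )?(.+) from (\S+) port \d+ ssh2$")
UNKNOWN = re.compile(r"sshd\[\d+\]: (Illegal|Invalid) user (.+) from (\S+)$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+ ssh2$")

def decide_bans(lines, known_users, max_tries=5):
    """Return {ip: reason} in ban order, following the policy in the post."""
    failures = {}   # ip -> failed logins against existing accounts
    banned = {}     # ip -> reason (dicts keep insertion order)
    for line in lines:
        line = line.rstrip()
        ok = ACCEPTED.search(line)
        if ok:
            failures.pop(ok.group(2), None)  # assumption: a success clears the count
            continue
        m = UNKNOWN.search(line) or FAILED.search(line)
        if not m:
            continue
        flagged, user, ip = m.groups()
        if ip in banned:
            continue  # sshd logs two lines per unknown-user attempt; count once
        if flagged or user not in known_users:
            banned[ip] = "unknown user"
        else:
            failures[ip] = failures.get(ip, 0) + 1
            if failures[ip] >= max_tries:
                banned[ip] = f"{max_tries} failed logins for {user}"
    return banned

# Constructed sample lines (documentation address ranges only).
SAMPLE = [
    "Aug 27 03:12:01 host sshd[4021]: Illegal user test from 192.0.2.10",
    "Aug 27 03:12:02 host sshd[4021]: Failed password for illegal user test from 192.0.2.10 port 4312 ssh2",
] + [
    f"Aug 27 03:20:0{i} host sshd[4100]: Failed password for alice from 198.51.100.7 port 5100 ssh2"
    for i in range(5)
] + [
    "Aug 27 03:30:00 host sshd[4200]: Failed password for bob from 203.0.113.5 port 6000 ssh2",
    "Aug 27 03:30:09 host sshd[4200]: Accepted password for bob from 203.0.113.5 port 6000 ssh2",
    # Username that itself contains " from <address>": only the real source is banned.
    "Aug 27 03:40:00 host sshd[4300]: Failed password for illegal user x from 198.51.100.99 from 203.0.113.77 port 7000 ssh2",
]

if __name__ == "__main__":
    for ip, reason in decide_bans(SAMPLE, {"alice", "bob"}).items():
        print(ip, reason)
```

The returned addresses are what would be written to the ban database before the firewall rules are reloaded.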