Blacklisting IPs

Kevin Kinsey kdk at
Mon Jan 10 08:41:06 PST 2005

artware wrote:

>Hello again,
>My 5.3R system has only been up a little over a week, and I've already
>had a few breakin attempts -- they show up as Illegal user tests in
>the /var/log/auth.log... It looks like they're trying common login
>names (probably with the login name used as passwd). It takes them
>hours to try a dozen names, but I'd rather not have any traffic from
>these folks. Is there any way to blacklist IPs at the system level, or
>do I have to hack something together for each daemon?
>- ben


There were a lot of varying ideas in a thread titled "blacklisting failed
ssh attempts on this list about Dec. 1st --- perhaps you can gain some
wisdom there.

I don't know that it's much to worry about, just a bot looking
for lame passwords on Linux boxen.  There are a number of
possible responses, and the likelihood of a successful "attack"
via this mechanism seems slim....

Kevin Kinsey

More information about the freebsd-questions mailing list