racerx at makeworld.com
Mon Jan 10 16:07:13 PST 2005
> Hello again,
> My 5.3R system has only been up a little over a week, and I've already
> had a few breakin attempts -- they show up as Illegal user tests in
> the /var/log/auth.log... It looks like they're trying common login
> names (probably with the login name used as passwd). It takes them
> hours to try a dozen names, but I'd rather not have any traffic from
> these folks. Is there any way to blacklist IPs at the system level, or
> do I have to hack something together for each daemon?
> - ben
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
Here's what I do -
as root: route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole
To the attacker, it looks as if you dropped off the net.
To save disk space in your home directory, compress files you rarely
use with "gzip filename".
-- Dru <genesis at istar.ca>
More information about the freebsd-questions