High levels of breakin attempts
Carleton Vaughn
keebler at mindspring.com
Tue Jan 11 06:19:23 PST 2005
Gene wrote:
> Over the past few months there have been a remarkably high level of
> brute force attacks logged by sshd. I was wondering, is there a way that
> sshd (or some other package) can monitor login attempts and if more than
> say 5 or 6 attempts are made to login from a particular ip address,
> temporarily block that address (perhaps at the firewall)? It'd be real
> satisfying to just dump the attackers' packets to the bit bucket and
> slow 'em down a bit.
Not that I'm an expert (and not that that's stopping me), but this can
be done by configuring sshd to use PAM and selecting a PAM module such
as pam_abl that can blacklist sites that send too many attempts. See
http://www.kernel.org/pub/linux/libs/pam/modules.html for examples.
--
Carleton Vaughn
College Park, Georgia, USA
More information about the freebsd-questions
mailing list