Banning ips for some time?
Anthony Atkielski
atkielski.anthony at wanadoo.fr
Tue Jan 25 01:24:44 PST 2005
Christian Tischler writes:
CT> Hi,
CT> as I have an DSL line witch is 24/7 online (coming from an big and
CT> popular provider) my servers sshd reports 30 to 50 failed
CT> root/operator/etc. logins a day. I would like to block the incoming ip
CT> for a few days automaticly after e.g failed login requests.
CT> Currently I am using ipf, but it would be no problem to use any other
CT> FreeBSD firewall.
CT> This is not only for security reasons, but also to shorten the daily
CT> security run output :-)
Do you have a need to access your server from the outside Net? If not,
you can just block the SSH port entirely at the firewall (which is what
I do).
Almost doesn't count in securityland, so as long as the logins are
failing, they're not a security risk, just a nuisance.
--
Anthony
More information about the freebsd-questions
mailing list