Banning ips for some time?
Peter N. M. Hansteen
peter at bgnett.no
Tue Jan 25 04:20:41 PST 2005
Christian Tischler <mail at myunix.net> writes:
> as I have an DSL line witch is 24/7 online (coming from an big and
> popular provider) my servers sshd reports 30 to 50 failed
> root/operator/etc. logins a day. I would like to block the incoming ip
> for a few days automaticly after e.g failed login requests.
As others have said, this is probably more of a nuisance issue than a
security issue.
Anyway, this was discussed recently on undeadly.org (aka OpenBSD
Journal). The discussion, which offers some interesting input (some of
it OpenBSD specific or at least requiring pf), is available at
http://undeadly.org/cgi?action=article&sid=20041231195454
Then again, at least in some cases, the people listed in the whois info
for the offending IP appreciate a politely worded notification. Quite
likely they do not want this kind of activity either.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
More information about the freebsd-questions
mailing list