Banning ips for some time?
Joshua Tinnin
krinklyfig at spymac.com
Tue Jan 25 05:30:44 PST 2005
On Tuesday 25 January 2005 01:18 am, Christian Tischler
<mail at myunix.net> wrote:
> Hi,
> as I have an DSL line witch is 24/7 online (coming from an big and
> popular provider) my servers sshd reports 30 to 50 failed
> root/operator/etc. logins a day. I would like to block the incoming
> ip for a few days automaticly after e.g failed login requests.
> Currently I am using ipf, but it would be no problem to use any other
> FreeBSD firewall.
> This is not only for security reasons, but also to shorten the daily
> security run output :-)
Some people have already provided good suggestions, and this isn't
something to worry about unless someone does get in, but the easiest
way to prevent this from happening is to make sshd listen on a
different port, preferably a high-numbered one. Then, you close port 22
on your firewall and open the one you designated for sshd, and you
login to that port from the other machine with ssh. Also, can you go
without logins, i.e., can you go entirely with key-based
authentication? That can help, too, as well as preventing root from
logging in remotely or to ssh (a user in wheel can su), but changing
the port often stops attempted ssh logins entirely.
- jt
More information about the freebsd-questions
mailing list