autoblocking many ssh failed logins from the same IP....
John Brooks
john at day-light.com
Fri Jul 1 14:11:36 GMT 2005
they are originating from the high ports, arriving on port 22 at your
box. this is normal. in a default setup sshd only listens on port 22.
--
John Brooks
john at day-light.com
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of John Cholewa
> Sent: Friday, July 01, 2005 8:43 AM
> To: freebsd-questions at freebsd.org
> Subject: autoblocking many ssh failed logins from the same IP....
>
>
> Jun 30 10:36:05 phantom sshd[70478]: Failed password for news
> from 212.88.182.121 port 51218 ssh2
> Jun 30 10:36:16 phantom sshd[70500]: Failed password for sshd
> from 212.88.182.121 port 51608 ssh2
> Jun 30 10:36:39 phantom sshd[70569]: Failed password for root
> from 212.88.182.121 port 52297 ssh2
>
> I get the above a lot in my logs (except more of it). Each day,
> a couple hundred failed attempts to log in from one or sometimes
> two IP addresses shows up. I don't have anything like ipf
> running, and since this machine is about fifteen hundred miles
> away from me, I don't want to experiment with software
> firewalling right now.
>
> That known, is there any way to tell sshd (or some more powerful
> daemon) to stop accepting login attempts from a given IP if it
> tries and fails to log in too many times in a limited duration
> (like in the same minute)?
>
> I suppose, now that I'm thinking about it, that it'd be best to
> actually just read the man pages and figure out how to get sshd
> to ignore any attempt to attach from ports other than 22. I
> mean, why are other machines trying to ssh in at ports over fifty
> thousand anyway?
>
> --
> -JC
> http://www.livejournal.com/users/jcholewa/
>
> PS: Oh, yeah ... "FreeBSD 4.8-RELEASE #0: Thu Apr 3 10:53:38
> GMT 2003" ; openssh-3.6.1_5 ; openssl-0.9.7d_1
>
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list