Cutting down on ssh breakin attempts
Kyle Jensen
kljgroups at gmail.com
Mon Mar 14 21:04:46 PST 2005
Hi,
I run a webmail server for a small company, which
is (of course) running FreeBSD 5-stable. I get about
50-100 failed loging attempts via ssh on a daily basis.
Occasionally, these show up in my daily security digest
with messages like:
reverse mapping checking getaddrinfo for h169-210-68-8.a
dcast.com.tw failed - POSSIBLE BREAKIN ATTEMPT!
But mostly it's stuff like
Illegal user postgres from 210.68.8.169
What's the best way to cut down on these attempts?
I thought about adding a blacklist to my pf.conf rules
for the pf firewall.
Any thoughts would be greatly appreciated!
Kyle
More information about the freebsd-questions
mailing list