How to Stop Bruit Force ssh Attempts?
Chris Maness
chris at chrismaness.com
Sun Mar 19 00:00:48 UTC 2006
Kris Anderson wrote:
> --- Chris Maness <chris at chrismaness.com> wrote:
>
>
>> In my auth log I see alot of bruit force attempts to
>> login via ssh. Is
>> there a way I can have the box automatically kill
>> any tcp/ip
>> connectivity to hosts that try and fail a given
>> number of times? Is
>> there a port or something that I can install to give
>> this kind of
>> protection. I'm still kind of a FreeBSD newbie.
>>
>> Thanks,
>> Chris Maness
>>
>
> Hey there,
> A couple of things you could try. I believe there is a
> port that watches log files, utilizing that you could
> create a script to add the IP to your firewall rules
> then after a time remove it.
>
> The other way is to use snort_inline and see how that
> works.
>
> Hope that helps.
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
I'm using denyhost per someone on the lists recomendation. It works
very well.
More information about the freebsd-questions
mailing list