Security blocking question

Gary Gatten Ggatten at
Fri Oct 9 21:53:48 UTC 2009

I might also add, if it's only a handful that have legitimate access
requirements, maybe black hole all IPs from locations (countries, etc.)
they'll never be in.  We see a lot of bad traffic from, well, certain
countries and we simply null route them.  Or if I feel like playing a
bit I'll route them to a tar-pit and honey pot just to see what they do.
Pretty entertaining sometimes! :)

-----Original Message-----
From: owner-freebsd-questions at
[mailto:owner-freebsd-questions at] On Behalf Of Adam Vande
Sent: Friday, October 09, 2009 4:48 PM
To: Aflatoon Aflatooni
Cc: freebsd-questions at
Subject: Re: Security blocking question

On Fri, Oct 9, 2009 at 4:45 PM, Aflatoon Aflatooni
<aaflatooni at>wrote:

> Hi,
> The production server that has a public IP address has SSH enabled.
> The server is continuously under dictionary attack:
> Oct  8 12:58:40 seven sshd[32248]: Invalid user europa from
> Oct  8 12:58:40 seven sshd[32250]: Invalid user hacked from
> Oct  8 12:58:40 seven sshd[32251]: Invalid user cop\r from
> Oct  8 12:58:41 seven sshd[32254]: Invalid user gel from
> Oct  8 12:58:41 seven sshd[32255]: Invalid user dork from
> Oct  8 12:58:41 seven sshd[32258]: Invalid user eva from
> Oct  8 12:58:41 seven sshd[32260]: Invalid user hacker from
> Oct  8 12:58:41 seven sshd[32261]: Invalid user copila\r from
> Oct  8 12:58:42 seven sshd[32265]: Invalid user dorna from
> Oct  8 12:58:42 seven sshd[32264]: Invalid user gelo from
> Oct  8 12:58:42 seven sshd[32268]: Invalid user evara from
> Oct  8 12:58:43 seven sshd[32270]: Invalid user hack from
> Oct  8 12:58:43 seven sshd[32271]: Invalid user copil\r from
> Oct  8 12:58:43 seven sshd[32274]: Invalid user Doubled from
> Oct  8 12:58:43 seven sshd[32275]: Invalid user gelos from
> Oct  8 12:58:44 seven sshd[32278]: Invalid user eve from
> Is there a way that I could configure the server so that if there are,
> for example, X attempts from an IP address then for the next Y hours all
> the SSH requests would be ignored from that IP address?
> There are only a handful of people who have access to that server.
> Thanks

Adam Vande More
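
The rule asked for in the question (X invalid-user attempts from one address, then ignore that address for Y hours), as an added example that is not part of the thread. The sample lines are constructed with documentation addresses, the year is an assumption because syslog omits it, and the function only computes ban intervals; feeding them to a firewall is left out.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Greedy (.*) plus the end anchor take the address from the last "from" field,
# which sshd writes; the username before it is attacker-controlled text.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"Invalid user (.*) from (\S+)(?: port \d+)?\s*$")

def find_bans(lines, max_attempts, window, ban_for, year=2009):
    """Return [(ip, ban_start, ban_end)] for sources reaching max_attempts
    invalid-user events within `window`; events during a ban are ignored."""
    recent = defaultdict(deque)   # ip -> timestamps inside the window
    banned_until = {}
    bans = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(3)))
        except ValueError:
            continue              # hostname or junk: never ban on it
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ip in banned_until and when < banned_until[ip]:
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= max_attempts:
            banned_until[ip] = when + ban_for
            bans.append((ip, when, banned_until[ip]))
            q.clear()
    return bans

# Constructed sample: the addresses are documentation ranges, not from the post.
SAMPLE = [
    "Oct  8 12:58:40 seven sshd[32248]: Invalid user europa from 192.0.2.10",
    "Oct  8 12:58:40 seven sshd[32250]: Invalid user hacked from 192.0.2.10",
    "Oct  8 12:58:41 seven sshd[32254]: Invalid user gel from 198.51.100.7",
    "Oct  8 12:58:41 seven sshd[32255]: Invalid user x from 203.0.113.5 from 192.0.2.10",
    "Oct  8 13:30:00 seven sshd[32300]: Invalid user eva from 198.51.100.7",
    "Oct  8 14:10:00 seven sshd[32400]: Invalid user eve from 192.0.2.10",
]

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE, 3, timedelta(minutes=10), timedelta(hours=2)):
        print(f"block {ip} from {start} until {end}")
```

The fourth sample line carries an address inside the username; it counts against 192.0.2.10, the address sshd recorded, and 203.0.113.5 is never banned.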
