/etc/hosts.deniedssh
Adam Vande More
amvandemore at gmail.com
Mon Jan 18 22:53:15 UTC 2010
On Mon, Jan 18, 2010 at 4:39 PM, David Southwell <david at vizion2000.net>wrote:
> Examples from hosts.deniedssh
> I seem to be on the receiving end of a concerted series of unsuccessful
> break
> in attacks on one of our systems. One small part of the attack has
> resulted
> in over 2000 entries in our hosts.deniedssh file in less than 1 hour.
>
> I would be interested in any comments on the small example shown below and
> any
> advice.
>
> Thanks in advance
>
> David
> r200-40-132-245.static.adinet.com.uy
> mail.munisanmiguel.gob.pe
> port-83-236-241-198.static.qsc.de
> pd95b50ce.dip0.t-ipconnect.de
> v32641.1blu.de
> dubovik.net
> r200-40-132-245.static.adinet.com.uy
> mail.munisanmiguel.gob.pe
> port-83-236-241-198.static.qsc.de
> pd95b50ce.dip0.t-ipconnect.de
> v32641.1blu.de
> dubovik.net
> r200-40-132-245.static.adinet.com.uy
> mail.munisanmiguel.gob.pe
> port-83-236-241-198.static.qsc.de
> pd95b50ce.dip0.t-ipconnect.de
> v32641.1blu.de
> dubovik.net
> r200-40-132-245.static.adinet.com.uy
> mail.munisanmiguel.gob.pe
> port-83-236-241-198.static.qsc.de
> pd95b50ce.dip0.t-ipconnect.de
> v32641.1blu.de
> dubovik.net
> r200-40-132-245.static.adinet.com.uy
> mail.munisanmiguel.gob.pe
> port-83-236-241-198.static.qsc.de
> pd95b50ce.dip0.t-ipconnect.de
> v32641.1blu.de
> dubovik.net
> r200-40-132-245.static.adinet.com.uy
> mail.munisanmiguel.gob.pe
> port-83-236-241-198.static.qsc.de
> pd95b50ce.dip0.t-ipconnect.de
> v32641.1blu.de
> dubovik.net
> r200-40-132-245.static.adinet.com.uy
> mail.munisanmiguel.gob.pe
> port-83-236-241-198.static.qsc.de
> pd95b50ce.dip0.t-ipconnect.de
> v32641.1blu.de
> dubovik.net
> r200-40-132-245.static.adinet.com.uy
>
Looks like your conf could use some love. Why are you resolving ip's?
Thresholds can be lowered. Are you syncing with remote list?
--
Adam Vande More
More information about the freebsd-questions
mailing list