Thousands of ssh probes

John john at
Fri Mar 5 12:54:47 UTC 2010

My nightly security logs have thousands upon thousands of ssh probes
in them.  One day, over 6500.  This is enough that I can actually
"feel" it in my network performance.  Other than changing ssh to
a non-standard port - is there a way to deal with these?  Every
day, they originate from several different IP addresses, so I can't
just put in a static firewall rule.  Is there a way to get ssh
to quit responding to a port or a way to generate a dynamic pf
rule in cases like this?

John Lind
john at starfire.MN.ORG

More information about the freebsd-questions mailing list