Thousands of ssh probes
kingedgar at gmail.com
Mon Mar 8 22:21:49 UTC 2010
On Mon, Mar 8, 2010 at 16:11, Erik Norgaard <norgaard at locolomo.org> wrote:
> On 08/03/10 18:56, Jason Garrett wrote:
> Much better, restrict the client access to certain ranges of IPs. The
>>> different registries publish ip ranges assigned per country and you can
>>> create a list blocking countries you are certain not to visit, you can
>>> my script:
>>> Great script! Just one question. Where do you put the list of denied ip
> The output is written to be used with packet filter, if you use some other
> firewall you may need to edit the script. If you use packet filter, then you
> can dump the list into a file and create tables like this:
> table <blacklist> persist file "/etc/blacklist"
> block in quick from <blacklist>
> I use blacklisting for mail while I use whitelisting for ssh.
> You should know the limits of the script, the problem is that some ranges
> have been assigned directly by IANA, particularly for US. These are not
> included. The list is limited as these are all /8 chunks, you can find it
> These ranges are managed by private organisations and assigned as they see
> There is another thing I'd like to filter by: I'd like to eliminate dynamic
> ranges, particularly for mail. It's been recommended that reverse lookup
> resolves to something like dyn.example.com or dynamic.example.com, but
> there is no registry where you can simply look it up.
Thanks! I'm not sure what ranges the OP is looking for, but I only want to
allow from US IPs for now, since I never travel outside the country.
> BR, Erik
> Erik Nørgaard
> Ph: +34.666334818/+34.915211157 http://www.locolomo.org
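An added example, not part of the thread and not Erik's script: one way to turn the per-country ranges the registries publish into a file that pf can load as a table, here for a US-only ssh whitelist. It assumes the registries' "delegated" statistics format (registry|cc|type|start|value|date|status); the sample records, the table name and the file path are constructed for illustration.

```python
import ipaddress

# Constructed sample in the RIR "delegated" statistics format:
#   registry|cc|type|start|value|date|status
# For ipv4 records, value is a count of addresses, not a prefix length.
SAMPLE = """\
2|arin|20100308|5|19700101|20100308|+0000
arin|*|ipv4|*|4|summary
arin|US|ipv4|192.0.2.0|256|20100101|assigned
arin|US|ipv4|192.0.3.0|256|20100101|assigned
arin|US|ipv4|198.51.100.0|768|20100101|allocated
arin|CA|ipv4|203.0.113.0|256|20100101|assigned
arin|US|ipv6|2001:db8::|32|20100101|allocated
"""


def country_cidrs(text, countries):
    """Return collapsed IPv4 CIDR strings delegated to the given country codes."""
    wanted = {c.upper() for c in countries}
    nets = []
    for line in text.splitlines():
        f = line.strip().split("|")
        # Version header, summary lines, ipv6 and asn records are all skipped here.
        if len(f) < 7 or f[2] != "ipv4" or f[1].upper() not in wanted:
            continue
        if f[6] not in ("allocated", "assigned"):
            continue
        try:
            first = ipaddress.IPv4Address(f[3])
            count = int(f[4])
            if count < 1:
                continue
            last = first + (count - 1)
        except ValueError:  # malformed address/count, or range past 255.255.255.255
            continue
        # A count such as 768 is not a power of two, so one record can need several CIDRs.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent records (e.g. two /24s into a /23) to keep the pf table small.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def pf_table_file(cidrs):
    """One network per line, the layout pf reads with `table <name> persist file ...`."""
    return "".join(c + "\n" for c in cidrs)


if __name__ == "__main__":
    # Hypothetical use for an ssh whitelist (table name and path are assumptions):
    #   table <ssh_allow> persist file "/etc/ssh_allow"
    #   block in quick proto tcp from ! <ssh_allow> to any port ssh
    print(pf_table_file(country_cidrs(SAMPLE, ["US"])), end="")
```

A whitelist built this way fails closed for anything missing from the registry data, so keep console or out-of-band access available when first loading it.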