Block IP

Michael bsdannounce at
Fri Dec 22 19:18:42 PST 2006

I can tell you what I do about these, which may not suit your situation 
especially if this is on a high profile server, but if you are just 
running FreeBSD for your own purposes I found this to be a great tool.

It's called BlockHosts and can be found here

If you are on a high profile server however I wouldn't recommend this 
because your hosts.allow file will fill up, otherwise you may want to 
check it out.

Take care,


Oliver Fromme wrote:
> Graham Menhennitt wrote:
>  > Christopher Hilton wrote:
>  > > If it's at all possible switch to using public keys for authentication
>  > > with ssh and disallow password authentication. This completely stops
>  > > the brute forcing attacks from filling up your periodic security mail.
>  > Are you sure about that? I only allow PublickeyAuthentication ssh2
>  > connections but I get lots of security mail messages like:
>  > 
>  > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from
>  > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for failed - POSSIBLE BREAKIN ATTEMPT!
> Those are caused by different things.  They're not caused
> by wrong passwords, but by an illegal user name (first line)
> or by non-matching reverse DNS (second line).  These things
> are checked even bevore any user keys are exchanged, so the
> authentication method doesn't matter.
> They can be savely ignored, because you're immune to brute-
> force attacks.  If you don't want to see them, a simple
> "egrep -v ..." in /etc/periodic/security/800.loginfail will
> do.
> Best regards
>    Oliver

More information about the freebsd-stable mailing list