Date:      Thu, 21 Dec 2006 16:33:21 +0100 (CET)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-stable@FreeBSD.ORG, suhailc@gmail.com
Subject:   Re: Block IP
Message-ID:  <200612211533.kBLFXLaW090581@lurza.secnetix.de>
In-Reply-To: <ca7cee960612201250s5056b050w4d48a96d2c52e081@mail.gmail.com>

Suhail Choudhury <suhailc@gmail.com> wrote:
 > What's the easiest way to add an IP such as 80.192.49.213 to block it?

Easy:

# ipfw add deny ip from 80.192.49.213 to me

Depending on your existing rules, you might have to specify
a rule number, so the new rule is inserted at an appropriate
position.

Please refer to the ipfw(8) manual page for details.

 > Also how do I block out IPs after a certain number of invalid login
 > attempts to prevent brute forcing?

In general that's not a good idea.  If you do it wrong, it
makes DoS attacks against your machine easier (i.e. a clever
attacker might be able to lock you out of your own
machine).  And getting it right is not easy.

The best way to prevent brute-forcing is to use good
passwords, or -- even better -- don't use passwords at all,
but key authentication or OTP (SKey / OPIE).

Another thing that you can do is to move the sshd to a
non-standard port (i.e. something other than 22).  Attackers
who look for machines for brute-forcing usually scan
networks for port 22 only.  However, note that using a
non-standard port does _not_ make your machine more secure
(that would rather be "security by obscurity").  It only
prevents your machine from appearing in standard ssh scans,
so it gets rid of almost all of the "ssh login failures"
in your daily run output which result from such attempts.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"We, the unwilling, led by the unknowing,
are doing the impossible for the ungrateful.
We have done so much, for so long, with so little,
we are now qualified to do anything with nothing."
        -- Mother Teresa



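The reply above says the deny rule may need an explicit rule number so that it is evaluated before whatever rule would otherwise accept the traffic. The following script is an added example, not part of Oliver's message or of FreeBSD's own tooling: it validates the address, looks through a ruleset listing in the usual ipfw(8) "NNNNN action proto from ... to ..." format for the first rule that allows traffic to the ssh port, picks a number just below it, and prints the resulting `ipfw add` command. Nothing here executes ipfw, so it runs on any POSIX sh; the SAMPLE_RULES listing is constructed for the example and is not output from a real system. The fallback number 1000 and the "subtract 10" placement are arbitrary choices made for the example.

```shell
#!/bin/sh
# Added example (not from the original mail): generate an ipfw(8) deny rule for
# one source address and choose a rule number that sorts before the first rule
# that would accept the traffic. ipfw is never invoked; the functions only
# build and check command text, so this runs on any POSIX sh.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
# Rejecting anything else also keeps shell metacharacters out of the command.
valid_ipv4() {
    addr=$1
    case $addr in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Constructed sample of `ipfw list` output, used as the ruleset to inspect.
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 allow tcp from any to me dst-port 22 setup
00400 allow tcp from any to any established
65535 deny ip from any to any'

# Print the number of the first rule in listing $2 that accepts TCP traffic
# to dst-port $1 (action allow/pass/accept/permit); print nothing if none.
first_allow_rule_for_port() {
    port=$1
    printf '%s\n' "$2" | awk -v p="$port" '
        $2 ~ /^(allow|pass|accept|permit)$/ &&
        $0 ~ ("dst-port " p "([^0-9]|$)") { print $1; exit }'
}

# Pick a rule number 10 below the allow rule $1 so the deny is evaluated
# first; clamp at 1 (lowest valid number). With no allow rule found, use $2
# (default 1000, an arbitrary choice for this example).
pick_rule_number() {
    allow_rule=$1
    default=${2:-1000}
    if [ -z "$allow_rule" ]; then
        echo "$default"
        return 0
    fi
    # strip leading zeros so "00300" is not read as octal by $(( ))
    n=$(printf '%s' "$allow_rule" | sed 's/^0*//')
    [ -n "$n" ] || n=0
    n=$(( n - 10 ))
    [ "$n" -ge 1 ] || n=1
    echo "$n"
}

# Print the ipfw command for source $1 at rule number $2. "me" matches every
# address configured on the host, as in the reply's one-liner.
ipfw_deny_cmd() {
    ip=$1
    num=$2
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    printf 'ipfw add %s deny ip from %s to me\n' "$num" "$ip"
}

# Walk through the case from the thread against the constructed ruleset.
ip=80.192.49.213
allow=$(first_allow_rule_for_port 22 "$SAMPLE_RULES")
num=$(pick_rule_number "$allow")
ipfw_deny_cmd "$ip" "$num"
# prints: ipfw add 290 deny ip from 80.192.49.213 to me
```

On a real host you would feed `ipfw list` output to first_allow_rule_for_port instead of SAMPLE_RULES and then run the printed command; the function only looks at rules with an explicit `dst-port`, so an `allow ip from any to any` rule earlier in the set would still need to be checked by hand.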