Date: Mon, 10 Jan 2005 16:30:07 -0500
From: daniel quinn <freebsd@danielquinn.org>
To: freebsd-questions@freebsd.org
Subject: Re: Blacklisting IPs
Message-ID: <200501101630.08020.freebsd@danielquinn.org>
In-Reply-To: <fd091951050109222052228399@mail.gmail.com>
References: <20050110035717.27062.qmail@web41008.mail.yahoo.com> <fd091951050109222052228399@mail.gmail.com>

On January 10, 2005 01:20 am, artware wrote:
> My 5.3R system has only been up a little over a week, and I've already
> had a few breakin attempts -- they show up as Illegal user tests in
> the /var/log/auth.log... It looks like they're trying common login
> names (probably with the login name used as passwd). It takes them
> hours to try a dozen names, but I'd rather not have any traffic from
> these folks. Is there any way to blacklist IPs at the system level, or
> do I have to hack something together for each daemon?

i have three suggestions for this:

1) edit sshd_config to set PermitRootLogin to "no". since root is the only
   user on your system that obviously exists elsewhere, this is a nice start

2) setup sshd to allow connections with keys only. then go buy yourself a
   usb key and keep your private key on there when you connect.

3) use a port-knocking daemon:
   http://www.portknocking.org/
   http://www.zeroflux.org/knock/

--
those who say it cannot be done should not interrupt the person doing it
  - unknown
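
An added example, not part of the original message: a shell audit that checks whether an sshd_config actually enforces suggestions 1 and 2, given that sshd uses the first value it reads for each keyword. It assumes "keys only" means PasswordAuthentication and ChallengeResponseAuthentication (KbdInteractiveAuthentication in newer OpenSSH) are both "no", which is a reading of the reply rather than something it spells out; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: audit sshd_config for suggestions 1 and 2 above.
# sshd uses the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so a later "no" does not override an earlier "yes".

# effective_value FILE KEYREGEX: print the global-section value sshd would use,
# or "unset" if the keyword never appears before the first Match block.
effective_value() {
    awk -v key="$2" '
        BEGIN { val = "unset" }
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        tolower($1) == "match" { exit }     # conditional blocks are out of scope
        tolower($1) ~ ("^(" key ")$") { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if every check passes. An unset keyword
# fails: the audit wants the setting stated explicitly, not left to a default.
audit_sshd_config() {
    rc=0
    while read -r name want keys; do
        got=$(effective_value "$1" "$keys")
        if [ "$got" = "$want" ]; then
            echo "ok    $name $got"
        else
            echo "FAIL  $name is '$got', want '$want'"; rc=1
        fi
    done <<EOF
PermitRootLogin no permitrootlogin
PasswordAuthentication no passwordauthentication
ChallengeResponse/KbdInteractive no challengeresponseauthentication|kbdinteractiveauthentication
EOF
    return $rc
}

# Constructed sample: the first PasswordAuthentication line wins, and the
# commented-out ChallengeResponseAuthentication line counts as unset.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PermitRootLogin no
PasswordAuthentication no
passwordauthentication yes
#ChallengeResponseAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config needs changes"
rm -f "$sample"
```

To check a live system, call `audit_sshd_config /etc/ssh/sshd_config`; settings inside Match blocks are not evaluated.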