Message-ID: <526808.11391.qm@web56207.mail.re3.yahoo.com>
Date: Fri, 9 Oct 2009 14:45:51 -0700 (PDT)
From: Aflatoon Aflatooni
To: freebsd-questions@freebsd.org
Subject: Security blocking question

Hi,
The production server that has a public IP address has SSH enabled. This server is continuously under dictionary attack:
Oct  8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91
Oct  8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91
Oct  8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91
Oct  8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91
Oct  8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91
Oct  8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91
Oct  8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91
Oct  8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91
Oct  8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91
Oct  8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91
Oct  8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91
Oct  8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91
Oct  8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91
Oct  8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91
Oct  8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91
Oct  8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91

Is there a way that I could configure the server so that if there are, for example, X attempts from an IP address then for the next Y hours all the SSH requests would be ignored from that IP address?
There are only a handful of people who have access to that server.

Thanks
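
The rule asked for in the message (X attempts from one IP address, then ignore it for Y hours), as an added example that is not part of the original message or of any FreeBSD tool. It computes the block list from the quoted sshd log format; `find_blocks`, its parameters and the last sample line are assumptions made for illustration, and handing the result to a packet filter is not shown.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is chosen by the remote client, so the address is taken from
# the end of the line only (greedy ".*" plus "$"), never from the middle.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user .* "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

def find_blocks(lines, max_attempts, window, block_for, year=2009):
    """Return {ip: blocked_until} for each IP with max_attempts invalid-user
    lines inside `window`. Syslog lines carry no year, so it is a parameter."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    blocked = {}                 # ip -> time the block expires
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in blocked and ts < blocked[ip]:
            continue             # still inside an active block
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # forget attempts older than the window
        if len(q) >= max_attempts:
            blocked[ip] = ts + block_for
            q.clear()
    return blocked

# The first six lines are quoted from the message; the last one is constructed
# to show a user name that itself contains " from <address>".
SAMPLE = r"""Oct  8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91
Oct  8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91
Oct  8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91
Oct  8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91
Oct  8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91
Oct  8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91
Oct  8 13:05:00 seven sshd[40001]: Invalid user x from 192.0.2.7 from 83.65.199.91
""".splitlines()

if __name__ == "__main__":
    rule = (5, timedelta(minutes=1), timedelta(hours=2))  # X=5, Y=2 hours
    for ip, until in find_blocks(SAMPLE, *rule).items():
        print(ip, "blocked until", until)
```

With only a handful of legitimate users, their known addresses can be exempted before the result is applied, so a mistyped login does not lock an administrator out.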