Date: Wed, 8 Sep 2004 11:47:35 -0400 From: "JJB" <Barbish3@adelphia.net> To: "Mike Galvez" <hoosyerdaddy@virginia.edu> Cc: freebsd-questions@freebsd.org Subject: RE: Tar pitting automated attacks Message-ID: <MIEPLLIBMLEEABPDBIEGIEOBGKAA.Barbish3@adelphia.net> In-Reply-To: <20040908145459.GA19090@humpty.finadmin.virginia.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
If you have no need for remote users to ssh into your system them remove the ssh enable statement from rc.conf. If you do need ssh then change its default port to some thing else and have all authorized remote ssh users add the new port number to the remote ssh login command. This will stop all your bad ssh login attempts. Then you can have your ipfilter firewall log all the ssh attempts to the ssh default port number and then run the log through this abuse reporting application. http://freebsd.a1poweruser.com:6088/99.20-abuse_rpts_download.htm This application has been made into a FreeBSD port but it has not been officially accepted yet. This is my passive-aggressive solution to putting a stop to port scanning.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGIEOBGKAA.Barbish3>