From: "JJB"
To: "Mike Galvez"
Cc: freebsd-questions@freebsd.org
Date: Wed, 8 Sep 2004 11:47:35 -0400
Subject: RE: Tar pitting automated attacks
In-Reply-To: <20040908145459.GA19090@humpty.finadmin.virginia.edu>
Reply-To: Barbish3@adelphia.net

If you have no need for remote users to ssh into your system, then remove the ssh enable statement from rc.conf. If you do need ssh, then change its default port to something else and have all authorized remote ssh users add the new port number to the remote ssh login command. This will stop all your bad ssh login attempts. Then you can have your ipfilter firewall log all the ssh attempts to the ssh default port number and then run the log through this abuse reporting application.

http://freebsd.a1poweruser.com:6088/99.20-abuse_rpts_download.htm

This application has been made into a FreeBSD port but it has not been officially accepted yet. This is my passive-aggressive solution to putting a stop to port scanning.
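The logging step described in the message above, as an added example that is not part of the original message and is not the abuse reporting application it links to: once sshd listens elsewhere and ipfilter logs blocked packets to port 22, the log can be reduced to a per-source count. The log lines are constructed and assumed to follow ipmon's usual syslog layout; the rule in the comment, the interface name `fxp0`, the documentation-range addresses and the function names are assumptions.

```python
import re
from collections import Counter

# Assumed ipf rule producing these entries (not from the original message):
#   block in log quick on fxp0 proto tcp from any to any port = 22
# Constructed sample lines, assumed ipmon syslog layout:
#   time iface @group:rule action src,sport -> dst,dport PR proto len ... IN
SAMPLE_LOG = """\
Sep  8 11:40:01 gw ipmon[212]: 11:40:00.512345 fxp0 @0:7 b 203.0.113.5,40112 -> 192.0.2.10,22 PR tcp len 20 60 -S IN
Sep  8 11:40:03 gw ipmon[212]: 11:40:02.101010 fxp0 @0:7 b 203.0.113.5,40113 -> 192.0.2.10,22 PR tcp len 20 60 -S IN
Sep  8 11:41:10 gw ipmon[212]: 11:41:09.000321 fxp0 @0:7 b 198.51.100.23,51000 -> 192.0.2.10,22 PR tcp len 20 60 -S IN
Sep  8 11:41:15 gw ipmon[212]: 11:41:14.440000 fxp0 @0:9 b 198.51.100.23,51001 -> 192.0.2.10,25 PR tcp len 20 60 -S IN
Sep  8 11:42:00 gw ipmon[212]: 11:42:00.000001 fxp0 @0:3 p 192.0.2.77,33000 -> 192.0.2.10,2222 PR tcp len 20 60 -S IN
Sep  8 11:42:30 gw kernel: unrelated message
"""

ENTRY = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+(?P<iface>\S+)\s+@\d+:\d+\s+(?P<action>\S+)\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)"
)

def blocked_ssh_sources(log_text, port=22):
    """Count blocked TCP packets sent to `port`, keyed by source address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not an ipmon packet entry
        if m["proto"] != "tcp" or int(m["dport"]) != port:
            continue  # other protocol, or not the old default ssh port
        if m["action"] != "b":
            continue  # keep only blocked packets ('p' would be passed)
        hits[m["src"]] += 1
    return hits

def report(hits):
    """One tab-separated 'source<TAB>count' line per address, busiest first."""
    return [f"{src}\t{n}" for src, n in hits.most_common()]

if __name__ == "__main__":
    print("\n".join(report(blocked_ssh_sources(SAMPLE_LOG))))
```

Traffic to the relocated sshd port (2222 in the constructed sample) is passed and therefore never counted, so every address in the report only touched the decoy default port.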