From: Chris
Date: Mon, 10 Jan 2005 18:07:14 -0600
To: artware
Cc: freebsd-questions@freebsd.org
Subject: Re: Blacklisting IPs
Message-ID: <41E318B2.3020108@makeworld.com>

artware wrote:
> Hello again,
>
> My 5.3R system has only been up a little over a week, and I've already
> had a few break-in attempts -- they show up as Illegal user tests in
> the /var/log/auth.log... It looks like they're trying common login
> names (probably with the login name used as passwd). It takes them
> hours to try a dozen names, but I'd rather not have any traffic from
> these folks. Is there any way to blacklist IPs at the system level, or
> do I have to hack something together for each daemon?
>
> - ben

Here's what I do - as root:

route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole

To the attacker, it looks as if you dropped off the net.

--
Best regards,
Chris

To save disk space in your home directory, compress files you rarely
use with "gzip filename". -- Dru
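
An added example, not part of the original message: a dry-run helper that reads auth.log-style lines and prints the blackhole route command from the reply above for each address with repeated "Illegal user" entries. The log line format, the threshold, the allow list and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn repeated "Illegal user" entries into blackhole routes.
# Assumed log format: "... sshd[PID]: Illegal user NAME from ADDR".

THRESHOLD=3               # hypothetical cut-off: entries per address
ALLOW="198.51.100.7"      # hypothetical addresses that must never be blackholed

# Constructed sample lines (documentation address ranges), not real log data.
sample_log() {
cat <<'EOF'
Jan 10 03:12:41 host sshd[4120]: Illegal user test from 192.0.2.10
Jan 10 03:12:44 host sshd[4122]: Illegal user guest from 192.0.2.10
Jan 10 03:12:47 host sshd[4124]: Illegal user x from 10.9.9.9 from 192.0.2.10
Jan 10 03:40:02 host sshd[4201]: Illegal user ben from 198.51.100.7
Jan 10 03:40:05 host sshd[4203]: Illegal user ben from 198.51.100.7
Jan 10 03:40:09 host sshd[4205]: Illegal user ben from 198.51.100.7
Jan 10 04:01:30 host sshd[4310]: Illegal user admin from 203.0.113.5
Jan 10 04:05:11 host sshd[4333]: Accepted password for ben from 192.0.2.44 port 51515 ssh2
EOF
}

# Reads log lines on stdin, prints one route command per offending address.
blackhole_cmds() {
  awk -v min="$THRESHOLD" -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    / sshd\[[0-9]+\]: Illegal user / {
      # The user name is supplied by the remote side and may itself contain
      # " from <address>", so trust only the last field of the line.
      ip = $NF
      # Accept only a dotted-quad shape; anything else is ignored.
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      if (ip in skip) next          # never lock out allow-listed hosts
      hits[ip]++
    }
    END {
      for (ip in hits)
        if (hits[ip] >= min)
          print "route -nq add -host " ip " 127.0.0.1 -blackhole"
    }' | sort
}

# Dry run: print the commands for review instead of executing them as root.
sample_log | blackhole_cmds
```

On a live system the input would be /var/log/auth.log instead of sample_log, with the allow list holding the addresses you administer the machine from.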