From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 13:39:00 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46B6416A41C for ; Thu, 9 Jun 2005 13:39:00 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id E319F43D48 for ; Thu, 9 Jun 2005 13:38:59 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from localhost.localdomain (yazzy.yazzy.org [192.168.98.11]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yazzy.org (Postfix) with ESMTP id D1FAD39869; Thu, 9 Jun 2005 15:39:20 +0200 (CEST) Date: Thu, 9 Jun 2005 15:38:56 +0200 From: Marcin Jessa To: john@day-light.com Message-Id: <20050609153856.2e349f42.lists@yazzy.org> In-Reply-To: References: <20050604174732.GG79969@numachi.com> Organization: YazzY.org X-Mailer: Sylpheed version 1.0.4 (GTK+ 1.2.10; i386-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: inbound ssh ceased on 4 servers at same time X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2005 13:39:00 -0000 Hi John, guys. On Sat, 4 Jun 2005 13:14:28 -0500 "John Brooks" wrote: > Thanks, sounds good to do on the outward facing firewall. These > four freebsd boxes are protected behind an openbsd firewall so > none of the brute-force sshd attacks have ever reached them. How do you filter those brute-force attacks? Do you check existence of users on the actual server running sshd ? I get hundreds of those attacks every day. Cheers, Marcin Jessa.