From: "Ted Mittelstaedt"
To: "Erik Norgaard", "Gene"
Cc: "freebsd-questions@FreeBSD. ORG"
Date: Tue, 11 Jan 2005 00:17:19 -0800
Subject: RE: High levels of breakin attempts

Yes Erik, just write a FAQ answer and post it per the following:

http://www.freebsd.org/docproj/submitting.html

Thanks for volunteering!

Ted

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Erik Norgaard
> Sent: Tuesday, January 11, 2005 12:12 AM
> To: Gene
> Cc: freebsd-questions@FreeBSD. ORG
> Subject: Re: High levels of breakin attempts
>
> Gene wrote:
> > Over the past few months there has been a remarkably high level of
> > brute force attacks logged by sshd. I was wondering, is there a way that
> > sshd (or some other package) can monitor login attempts and if more than
> > say 5 or 6 attempts are made to login from a particular ip address,
> > temporarily block that address (perhaps at the firewall)? It'd be real
> > satisfying to just dump the attackers' packets to the bit bucket and
> > slow 'em down a bit.
>
> Sorry, but this topic was discussed just before you posted - see
> "Blacklisting IPs" and it is regularly discussed on various lists.
> Everyone asks that same question, and everyone proposes the same
> solutions, could this be added to the faq?
>
> Cheers, Erik
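
The check Gene asks about (count failed sshd logins per source address and block temporarily once 5 are seen), as an added example that is not part of the original thread. It assumes OpenSSH's syslog "Failed password" line format; the function name, the 10-minute window, the 1-hour block time, the caller-supplied year and the sample log lines (documentation addresses) are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" lines as written by syslog (assumed format).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def offenders(lines, threshold=5, window=timedelta(minutes=10),
              block_for=timedelta(hours=1), year=2005):
    """Return {ip: block expiry} for every address that reaches `threshold`
    failed logins inside one sliding `window`."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                 # accepted logins, other daemons, noise
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:    # forget failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in blocked:
            blocked[m["ip"]] = ts + block_for   # temporary, not permanent
    return blocked

# Constructed sample input, not taken from a real log.
SAMPLE = (
    # six failures in ten seconds: crosses the threshold on the fifth
    [f"Jan 11 00:01:{s:02d} host sshd[411]: Failed password for invalid "
     f"user test from 192.0.2.10 port 4000 ssh2" for s in range(0, 12, 2)]
    # five failures spread over four hours: never five inside one window
    + [f"Jan 11 0{h}:00:00 host sshd[412]: Failed password for root "
       f"from 203.0.113.5 port 4001 ssh2" for h in range(5)]
    + ["Jan 11 00:02:00 host sshd[413]: Accepted password for alice "
       "from 198.51.100.7 port 4002 ssh2"]
)

if __name__ == "__main__":
    for ip, until in offenders(SAMPLE).items():
        print(f"block {ip} until {until.isoformat()}")
```

The returned addresses and expiry times are what a periodic job would hand to the firewall; the sliding window keeps a slow trickle of mistyped passwords from a legitimate user from ever tripping the block.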