Date: 25 Jan 2005 13:19:47 +0100 From: peter@bgnett.no (Peter N. M. Hansteen) To: freebsd-questions@freebsd.org Subject: Re: Banning ips for some time? Message-ID: <86k6q1lmzg.fsf@amidala.datadok.no> In-Reply-To: <41F60ECC.8050206@myunix.net> References: <41F60ECC.8050206@myunix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Christian Tischler <mail@myunix.net> writes: > as I have an DSL line witch is 24/7 online (coming from an big and > popular provider) my servers sshd reports 30 to 50 failed > root/operator/etc. logins a day. I would like to block the incoming ip > for a few days automaticly after e.g failed login requests. As others have said, this is probably more of a nuisance issue than a security issue. Anyway, this was discussed recently on undeadly.org (aka OpenBSD Journal). The discussion, which offers some interesting input (some of it OpenBSD specific or at least requiring pf), is available at http://undeadly.org/cgi?action=article&sid=20041231195454 Then again, at least in some cases, the people listed in the whois info for the offending IP appreciate a politely worded notification. Quite likely they do not want this kind of activity either. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86k6q1lmzg.fsf>