Date: Tue, 25 Jan 2005 05:30:42 -0800 From: Joshua Tinnin <krinklyfig@spymac.com> To: freebsd-questions@freebsd.org Cc: Christian Tischler <mail@myunix.net> Subject: Re: Banning ips for some time? Message-ID: <200501250530.43236.krinklyfig@spymac.com> In-Reply-To: <41F60ECC.8050206@myunix.net> References: <41F60ECC.8050206@myunix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 25 January 2005 01:18 am, Christian Tischler <mail@myunix.net> wrote: > Hi, > as I have an DSL line witch is 24/7 online (coming from an big and > popular provider) my servers sshd reports 30 to 50 failed > root/operator/etc. logins a day. I would like to block the incoming > ip for a few days automaticly after e.g failed login requests. > Currently I am using ipf, but it would be no problem to use any other > FreeBSD firewall. > This is not only for security reasons, but also to shorten the daily > security run output :-) Some people have already provided good suggestions, and this isn't something to worry about unless someone does get in, but the easiest way to prevent this from happening is to make sshd listen on a different port, preferably a high-numbered one. Then, you close port 22 on your firewall and open the one you designated for sshd, and you login to that port from the other machine with ssh. Also, can you go without logins, i.e., can you go entirely with key-based authentication? That can help, too, as well as preventing root from logging in remotely or to ssh (a user in wheel can su), but changing the port often stops attempted ssh logins entirely. - jt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501250530.43236.krinklyfig>