Date: Wed, 1 Dec 2004 10:08:44 -0800 From: Doug Hardie <bc979@lafn.org> To: "Charles Ulrich" <charles@idealso.com> Cc: questions@freebsd.org Subject: Re: blacklisting failed ssh attempts Message-ID: <09C48337-43C4-11D9-8D0D-000393681B06@lafn.org> In-Reply-To: <43711.24.11.146.21.1101922894.squirrel@24.11.146.21> References: <43711.24.11.146.21.1101922894.squirrel@24.11.146.21>
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 1, 2004, at 09:41, Charles Ulrich wrote: > > This morning I noticed that an attacker spent over a full hour trying > to > brute-force accounts and passwords via ssh on one of our machines. > These kinds > of attacks are becoming more frequent. > > I was wondering: does anyone know of a way to blacklist a certain IP > (ideally, > just for a certain time period) after a certain number of failed login > attempts via ssh? I could change the port that sshd listens on, but > I'd rather > find a better solution, one that isn't just another layer of obscurity. I tried null routing their addresses and that stops that address. However, a day or so later they are back from a different address. After a couple months of this I changed the ports. Its a real pain.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?09C48337-43C4-11D9-8D0D-000393681B06>