From owner-freebsd-questions@FreeBSD.ORG Wed May 18 13:26:35 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F70916A4CE for ; Wed, 18 May 2005 13:26:35 +0000 (GMT) Received: from mail1.acecape.com (mail1.acecape.com [66.114.74.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4CC843D6E for ; Wed, 18 May 2005 13:26:34 +0000 (GMT) (envelope-from francisco@natserv.net) Received: from zoraida.natserv.net (p65-147.acedsl.com [66.114.65.147]) by mail1.acecape.com (8.12.11/8.12.11) with ESMTP id j4IDQTFK024685; Wed, 18 May 2005 09:26:29 -0400 Date: Wed, 18 May 2005 09:26:29 -0400 (EDT) From: Francisco X-X-Sender: fran@zoraida.natserv.net To: Peter Kropholler In-Reply-To: Message-ID: <20050518092129.O6030@zoraida.natserv.net> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: freebsd-questions@freebsd.org Subject: Re: illegal user root user failed login attempts X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 May 2005 13:26:35 -0000 On Tue, 17 May 2005, Peter Kropholler wrote: > As things stand, ssh is designed so you can't get at people's passwords > and I am leaving it alone. Focussing instead on the task of making > sure my passwords are strong One thing I do is to prevent the IPs from connecting to my machine One can either do it at the firewall level or use the route command to "blacklist" the IPs. The advance of using route, I was told, is that it uses a more efficient way than the firewall to seek IPs. The syntax for using route to black list is: route add -host 127.0.0.1 -blackhole The reason I do this is because I figure those machines may try other attacks besides ssh and also I just don't like to see my logs with so many warnings of break in attemps.