From owner-freebsd-questions@FreeBSD.ORG  Thu Dec  2 14:52:51 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1310416A4CE
	for <questions@freebsd.org>; Thu,  2 Dec 2004 14:52:51 +0000 (GMT)
Received: from freedombi.com (gllug.org [207.179.98.220])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7F94943D39
	for <questions@freebsd.org>; Thu,  2 Dec 2004 14:52:50 +0000 (GMT)
	(envelope-from charles@idealso.com)
Received: by freedombi.com (Postfix, from userid 1000)
	id 0454B727F7; Thu,  2 Dec 2004 09:32:53 -0500 (EST)
Received: from freedombi.com (localhost [192.168.10.108])
	by freedombi.com (Postfix) with ESMTP
	id 6BBEC724BC; Thu,  2 Dec 2004 09:32:51 -0500 (EST)
Received: from 24.11.146.21
        (SquirrelMail authenticated user charles);
        by freedombi.com with HTTP;
        Thu, 2 Dec 2004 09:32:51 -0500 (EST)
Message-ID: <48465.24.11.146.21.1101997971.squirrel@24.11.146.21>
In-Reply-To: <200412011204.10599.josh@tcbug.org>
References: <43711.24.11.146.21.1101922894.squirrel@24.11.146.21>
    <200412011204.10599.josh@tcbug.org>
Date: Thu, 2 Dec 2004 09:32:51 -0500 (EST)
From: "Charles Ulrich" <charles@idealso.com>
To: "Josh Paetzel" <josh@tcbug.org>
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on freedombi.com
X-Spam-Level: 
X-Spam-Status: No, hits=0.0 required=7.0 tests=none autolearn=no version=2.63
cc: questions@freebsd.org
Subject: Re: blacklisting failed ssh attempts
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2004 14:52:51 -0000


Josh Paetzel said:
> This may or may not help you, but I generally firewall ssh so that
> only known addresses can get in.  (whitelisting as opposed to
> blacklisting)

Thanks for the tip. We actually do this on some of our servers, but this is a
web server that we need to get to quickly should it stop working. It's looking
like I might just put ssh on a non-standard port and think about an IDS if
there these kind of attacks continue.

-- 
Charles Ulrich
Ideal Solution, LLC - http://www.idealso.com