From: nawcom
To: freebsd-questions@freebsd.org
Date: Tue, 28 Mar 2006 14:12:11 -0500
Subject: ipfw secure setup for ssh bruteforcers

I have a pretty good setup with ipfw, and there's always dickheads constantly trying to get in - mostly through old Microsoft and ssh1/2 exploits with certain usernames and passwords.
I pretty much add their IP to a protected ban list (after 5 tries) which bans them from the entire server.

From any professionals, what is the most effective technique that I should use to take care of these kiddies other than a complete ban? Is my technique good or is it oversecure? An admin said that doing this can be bad, especially when the kiddy is connected to a large network like a company or university; I may block other people who aren't guilty of the act. (Which makes sense.)

I use the up to date ssh so any exploits are either patched up or will be patched when they're discovered, so holes in the program shouldn't be an issue.

Any replies would be wonderful.

Thanks,
Ben

--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --- Benjamin Franklin
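The ban-list mechanism Ben describes, written out as an added example (this is not code from the original post or from FreeBSD itself): a POSIX sh script that counts failed sshd logins per source address from auth.log lines, and adds any address that reaches a threshold to an ipfw lookup table that a single deny rule consumes. The threshold of 5, the table number 1, the whitelist addresses, the DRY_RUN switch and the sample log lines are all assumptions made here; the sample lines are constructed, not real logs. The whitelist is included because of the concern raised in the post about banning a shared company or university address: addresses you know you must never lock out are checked before anything is added to the table. The ipfw syntax is the numbered-table form that FreeBSD 5.x/6.x used (`ipfw table N add addr`, `deny ip from "table(N)" to me`).

```shell
#!/bin/sh
# Added example: ban repeat SSH brute-forcers with an ipfw lookup table.
# Not from the original post. Assumed values: THRESHOLD, BAN_TABLE, WHITELIST.
#
# The firewall side is one rule that consumes the table (FreeBSD 5.x/6.x syntax):
#   ipfw add 100 deny ip from "table(1)" to me
# Addresses appended to table 1 are then dropped for every port, which is
# the "bans them from the entire server" behaviour described in the post.

THRESHOLD=5          # failures before an address is banned (assumption)
BAN_TABLE=1          # ipfw table number fed by the deny rule (assumption)
WHITELIST="192.0.2.1"   # exact-match never-ban list (assumption); a real
                        # deployment would hold CIDR ranges for shared networks
DRY_RUN="${DRY_RUN:-1}" # 1 = print the ipfw commands instead of running them

# Constructed sample auth.log lines (documentation addresses, not real traffic):
# 198.51.100.7 fails six times, 203.0.113.9 fails once then succeeds,
# 192.0.2.1 fails five times but is whitelisted.
SAMPLE_LOG='Mar 28 13:01:02 host sshd[1234]: Failed password for invalid user admin from 198.51.100.7 port 50211 ssh2
Mar 28 13:01:04 host sshd[1235]: Failed password for invalid user test from 198.51.100.7 port 50212 ssh2
Mar 28 13:01:06 host sshd[1236]: Failed password for root from 198.51.100.7 port 50213 ssh2
Mar 28 13:01:08 host sshd[1237]: Failed password for root from 198.51.100.7 port 50214 ssh2
Mar 28 13:01:10 host sshd[1238]: Failed password for invalid user oracle from 198.51.100.7 port 50215 ssh2
Mar 28 13:01:12 host sshd[1239]: Failed password for invalid user guest from 198.51.100.7 port 50216 ssh2
Mar 28 13:05:00 host sshd[1240]: Failed password for ben from 203.0.113.9 port 40001 ssh2
Mar 28 13:05:07 host sshd[1241]: Accepted password for ben from 203.0.113.9 port 40001 ssh2
Mar 28 13:10:00 host sshd[1242]: Failed password for ben from 192.0.2.1 port 40100 ssh2
Mar 28 13:10:02 host sshd[1243]: Failed password for ben from 192.0.2.1 port 40101 ssh2
Mar 28 13:10:04 host sshd[1244]: Failed password for ben from 192.0.2.1 port 40102 ssh2
Mar 28 13:10:06 host sshd[1245]: Failed password for ben from 192.0.2.1 port 40103 ssh2
Mar 28 13:10:08 host sshd[1246]: Failed password for ben from 192.0.2.1 port 40104 ssh2'

# offenders: read log text on stdin, print (sorted) every source address with
# at least THRESHOLD "Failed password" lines. Only that message is counted so
# the companion "Invalid user" line for the same attempt is not double-counted.
offenders() {
    awk -v t="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= t) print ip }
    ' | sort
}

# is_whitelisted ADDR: succeed if ADDR is on the never-ban list.
is_whitelisted() {
    for w in $WHITELIST; do
        [ "$1" = "$w" ] && return 0
    done
    return 1
}

# ban_offenders: read log text on stdin; add each non-whitelisted offender to
# the ipfw table (or print the command when DRY_RUN=1). Skips go to stderr so
# stdout holds only the commands that would change the firewall.
ban_offenders() {
    offenders | while read -r ip; do
        if is_whitelisted "$ip"; then
            echo "skip (whitelisted): $ip" >&2
            continue
        fi
        if [ "$DRY_RUN" = "1" ]; then
            echo "ipfw table $BAN_TABLE add $ip"
        else
            ipfw table "$BAN_TABLE" add "$ip"
        fi
    done
}

# Usage: run over the constructed sample (real use: tail -F /var/log/auth.log | ban_offenders)
printf '%s\n' "$SAMPLE_LOG" | ban_offenders
```

Run with `DRY_RUN=0` as root on the FreeBSD box to actually populate the table. Note that an ipfw table entry has no expiry of its own, so a periodic `ipfw table 1 flush` (or a cron job that removes old entries) is what turns this from a permanent ban into the temporary one the post is asking whether to prefer.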