From owner-freebsd-questions@FreeBSD.ORG Mon Jan 11 14:14:39 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 93177106568D for ; Mon, 11 Jan 2010 14:14:39 +0000 (UTC) (envelope-from samankaya@netscape.net) Received: from imr-da06.mx.aol.com (imr-da06.mx.aol.com [205.188.169.203]) by mx1.freebsd.org (Postfix) with ESMTP id 54DA18FC13 for ; Mon, 11 Jan 2010 14:14:39 +0000 (UTC) Received: from imo-da01.mx.aol.com (imo-da01.mx.aol.com [205.188.169.199]) by imr-da06.mx.aol.com (8.14.1/8.14.1) with ESMTP id o0BEE5Ra030313; Mon, 11 Jan 2010 09:14:06 -0500 Received: from samankaya@netscape.net by imo-da01.mx.aol.com (mail_out_v42.5.) id z.d32.6c3a6364 (37096); Mon, 11 Jan 2010 09:13:59 -0500 (EST) Received: from [172.16.1.52] (mail.reformkurumsal.com [212.156.209.87]) by cia-db07.mx.aol.com (v127.7) with ESMTP id MAILCIADB076-90e84b4b32243e5; Mon, 11 Jan 2010 09:13:59 -0500 Message-ID: <4B4B3223.2070204@netscape.net> Date: Mon, 11 Jan 2010 16:13:55 +0200 From: Kaya Saman User-Agent: Thunderbird 2.0.0.21 (X11/20090323) MIME-Version: 1.0 To: David Southwell References: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk> <201001111408.43361.david@vizion2000.net> In-Reply-To: <201001111408.43361.david@vizion2000.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AOL-IP: 212.156.209.87 X-Mailer: Unknown (No Version) X-Spam-Flag: NO X-AOL-SENDER: samankaya@netscape.net Cc: mexas@bristol.ac.uk, freebsd-questions@freebsd.org Subject: Re: denying spam hosts ssh access - good idea? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jan 2010 14:14:39 -0000 David Southwell wrote: >> I'm thinking of denying ssh access to host from which >> I get brute force ssh attacks. >> >> HOwever, I see in /etc/hosts.allow: >> >> # Wrapping sshd(8) is not normally a good idea, but if you >> # need to do it, here's how >> #sshd : .evil.cracker.example.com : deny >> >> Why is it not a good idea? >> >> Also, apparently in older ssh there was DenyHosts option, >> but no longer in the current version. >> Is there a replacement for DenyHOsts? >> Or is there a good reason for such option not to be used? >> >> many thanks >> anton >> >> > I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also > use blackhole and sshguard > > david > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Take a look at fail2ban: http://www.fail2ban.org/ This hooks in IPtables and really does a nice job of preventing DoS attacks from not just SSH but many other ports and protocols too. Regards, Kaya