Date:      Fri, 31 Mar 2006 08:42:30 -0500
From:      Nathan Vidican <nvidican@wmptl.com>
To:        questions@freebsd.org
Subject:   repeated ssh login attempts/failure/break-in attempts from kiddy script
Message-ID:  <442D31C6.5050700@wmptl.com>

Noted recently in auth.log, a string of connection attempts repeated/failed over 
and over from one host - looks like a script someone's running, tries all kinds 
of various usernames, etc... attempts like 100-200 logins, fails and goes away.

Few hours go by, and another such attempt, from a different IP comes in. If I'm 
here and just happen to notice them - simple ipfw add deny... does the trick, 
but is there not a way to limit the login attempts for a certain period of time?

i.e.: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny 
all attempts and drop connection from said IP... possible?

Any suggestions/ideas? Thus far, no one has managed to log in (there are only 
three accounts which even have a shell or can log in via ssh... but still not the 
point). I'd just like to get rid of the problem and save my auth.log file for 
perhaps something more useful ;)


-- 
Nathan Vidican
nvidican@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/


