From owner-freebsd-questions@FreeBSD.ORG  Sun Aug 28 00:38:10 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3F4F316A57D
	for <freebsd-questions@freebsd.org>;
	Sun, 28 Aug 2005 00:38:10 +0000 (GMT)
	(envelope-from nawcom@nawcom.no-ip.com)
Received: from nawcom.no-ip.com (adsl-69-208-125-59.dsl.sfldmi.ameritech.net
	[69.208.125.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4538043D4C
	for <freebsd-questions@freebsd.org>;
	Sun, 28 Aug 2005 00:37:26 +0000 (GMT)
	(envelope-from nawcom@nawcom.no-ip.com)
Received: from [192.168.212.4] (unknown [192.168.212.4])
	by nawcom.no-ip.com (Postfix) with ESMTP id 7D3EE77F5;
	Sat, 27 Aug 2005 20:59:22 -0400 (EDT)
Message-ID: <43110754.6010608@nawcom.no-ip.com>
Date: Sat, 27 Aug 2005 20:37:40 -0400
From: nawcom <nawcom@nawcom.no-ip.com>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@auscert.org.au,  freebsd-questions@freebsd.org
References: <200508280029.j7S0T7X4043956@app.auscert.org.au>
In-Reply-To: <200508280029.j7S0T7X4043956@app.auscert.org.au>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2005 00:38:10 -0000

if this server was used by 100+ people i would of course not have such a 
harsh security script set up. everyone who uses it has great experience 
and understands the consequences. like i said before, this is usually 
for personal use and has about 12 users total. if this was used to 
manage ssh on something big i would lower the security measures.

hope you can understand some now :)

Ben



freebsd-questions@auscert.org.au wrote:

>>-if the attempt was with a username that doesnt exist - i add the ip to 
>>a db of banned ips and flush and restart ipfw
>>    
>>
>
>I'm curious about this bit - what do you do about accidentally mistyped
>usernames by valid users?
>
>cheers,
>-- Joel Hatton --
>Security Analyst                    | Hotline: +61 7 3365 4417
>AusCERT - Australia's national CERT | Fax:     +61 7 3365 7031
>The University of Queensland        | WWW:     www.auscert.org.au
>Qld 4072 Australia                  | Email:   auscert@auscert.org.au
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>  
>