From owner-freebsd-questions@FreeBSD.ORG Fri Jul 1 14:11:36 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 783E116A41C for ; Fri, 1 Jul 2005 14:11:36 +0000 (GMT) (envelope-from john@day-light.com) Received: from joseph.day-light.net (gabriel.day-light.net [209.145.160.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id 39ADF43D4C for ; Fri, 1 Jul 2005 14:11:36 +0000 (GMT) (envelope-from john@day-light.com) Received: from w1 (unknown [10.1.5.36]) by joseph.day-light.net (Postfix) with SMTP id 46F274F40B; Fri, 1 Jul 2005 09:11:35 -0500 (CDT) From: "John Brooks" To: "John Cholewa" , Date: Fri, 1 Jul 2005 09:11:42 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <42C54872.50106@jc-news.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Importance: Normal Cc: Subject: RE: autoblocking many ssh failed logins from the same IP.... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: john@day-light.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jul 2005 14:11:36 -0000 they are originating from the high ports, arriving on port 22 at your box. this is normal. in a default setup sshd only listens on port 22. -- John Brooks john@day-light.com > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of John Cholewa > Sent: Friday, July 01, 2005 8:43 AM > To: freebsd-questions@freebsd.org > Subject: autoblocking many ssh failed logins from the same IP.... > > > Jun 30 10:36:05 phantom sshd[70478]: Failed password for news > from 212.88.182.121 port 51218 ssh2 > Jun 30 10:36:16 phantom sshd[70500]: Failed password for sshd > from 212.88.182.121 port 51608 ssh2 > Jun 30 10:36:39 phantom sshd[70569]: Failed password for root > from 212.88.182.121 port 52297 ssh2 > > I get the above a lot in my logs (except more of it). Each day, > a couple hundred failed attempts to log in from one or sometimes > two IP addresses shows up. I don't have anything like ipf > running, and since this machine is about fifteen hundred miles > away from me, I don't want to experiment with software > firewalling right now. > > That known, is there any way to tell sshd (or some more powerful > daemon) to stop accepting login attempts from a given IP if it > tries and fails to log in too many times in a limited duration > (like in the same minute)? > > I suppose, now that I'm thinking about it, that it'd be best to > actually just read the man pages and figure out how to get sshd > to ignore any attempt to attach from ports other than 22. I > mean, why are other machines trying to ssh in at ports over fifty > thousand anyway? > > -- > -JC > http://www.livejournal.com/users/jcholewa/ > > PS: Oh, yeah ... "FreeBSD 4.8-RELEASE #0: Thu Apr 3 10:53:38 > GMT 2003" ; openssh-3.6.1_5 ; openssl-0.9.7d_1 > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >