Date: Tue, 30 Sep 2008 02:45:20 -0700
From: Jeremy Chadwick
To: Jeroen Ruigrok van der Werven
Cc: freebsd-hackers@freebsd.org, Rich Healey
Subject: Re: SSH Brute Force attempts

On Tue, Sep 30, 2008 at 09:56:32AM +0200, Jeroen Ruigrok van der Werven wrote:
> -On [20080930 05:14], Rich Healey (healey.rich@gmail.com) wrote:
> >What do you BSD guys use for this purpose?
>
> I actually use blockhosts, which is a Python solution you tie into
> hosts.allow.
>
> http://www.aczoom.com/cms/blockhosts

In no way shape or form does this solve the problem of the attackers
being able to establish a TCP connection to you -- they are still tying
up sockets, mbufs, and extra network I/O (coming from you when you
respond and close the socket).

TCP wrappers are absolutely 100% worthless in this day and age.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
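
The behaviour this reply describes, as an added example that is not part of the original message: a hosts.allow-style deny decision runs only after accept(), so a denied peer still completes the TCP handshake and holds a socket until the server closes it. The deny list, the function names and the use of loopback as the "denied" address are constructed for the demo.

```python
import socket

# Constructed deny list standing in for hosts.allow entries written by a
# log-watching tool. Loopback is "denied" so the demo runs offline.
DENIED = {"127.0.0.1"}


def wrapper_style_check(peer_ip):
    """Application-level allow/deny decision, made only after accept()."""
    return peer_ip not in DENIED


def demo():
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port
    srv.listen(5)
    srv.settimeout(5)
    port = srv.getsockname()[1]

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(5)
    # The kernel completes the three-way handshake here, before the server
    # process has called accept() or looked at any deny list.
    handshake_completed = cli.connect_ex(("127.0.0.1", port)) == 0

    # Only now does the application see the peer: a socket already exists.
    conn, (peer_ip, _peer_port) = srv.accept()
    allowed = wrapper_style_check(peer_ip)
    if allowed:
        conn.sendall(b"SSH-2.0-demo\r\n")
    conn.close()                        # the denial itself costs a FIN exchange

    try:
        banner = cli.recv(64)           # b"" means the server closed on us
    except ConnectionResetError:
        banner = b""
    cli.close()
    srv.close()
    return {
        "handshake_completed": handshake_completed,
        "allowed": allowed,
        "banner": banner,
    }


if __name__ == "__main__":
    print(demo())
```
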