From: Ed Jobs
To: freebsd-questions@freebsd.org
Date: Tue, 19 Jan 2010 02:22:03 +0200
Subject: Re: /etc/hosts.deniedssh

On Tuesday 19 January 2010 00:39, David Southwell wrote:
> Examples from hosts.deniedssh
> I seem to be on the receiving end of a concerted series of unsuccessful
> break-in attacks on one of our systems. One small part of the attack has
> resulted in over 2000 entries in our hosts.deniedssh file in less than 1
> hour.
>
> I would be interested in any comments on the small example shown below and
> any advice.
>
> Thanks in advance
>
> David

2k entries are too much indeed.
Are you running ssh on port 22? If yes (and your users are ok with it), you can change it to another port.
Or maybe temporarily disable ssh login and use cron to enable it again in some time in the future.

-- 
Save the whales. Club a seal instead.