From: Len Conrad
To: freebsd-questions@freebsd.org
Date: Tue, 02 Jan 2007 08:20:43 -0600
Subject: Re: sshd break-in attempt
Message-Id: <200701021505921.SM00292@TX2.Go2France.com>
In-Reply-To: <459A5A45.4080309@wmptl.com>

>
>In our 'periodic daily' report/email, (only the list goes on for
>hundreds of attempts). Anyhow, long story short; is there not an
>easy way to make sshd block or deny hosts temporarily if X number of
>invalid login attempts are made within a minute's time?

To reduce the brute force attacks + voluminous logging, tell sshd to listen on a port other than 22.

Google for "tcp wrappers sshd" for examples of how to use tcp wrappers in reactive blocking.

Len
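
The counting the question asks for (X failed logins from one host inside a minute), turned into TCP Wrappers deny rules, as an added example that is not part of the original message. The log lines are constructed samples using documentation addresses; the function names, the threshold of 3 and the FreeBSD `/etc/hosts.allow` rule style are assumptions of this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual syslog/OpenSSH format (documentation addresses).
SAMPLE_LOG = """\
Jan  2 03:14:01 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 4101 ssh2
Jan  2 03:14:09 host sshd[813]: Failed password for root from 192.0.2.10 port 4102 ssh2
Jan  2 03:14:20 host sshd[815]: Failed password for invalid user test from 192.0.2.10 port 4103 ssh2
Jan  2 03:15:00 host sshd[817]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Jan  2 03:15:40 host sshd[818]: Failed password for alice from 198.51.100.7 port 5002 ssh2
Jan  2 03:16:10 host sshd[819]: Failed password for alice from 198.51.100.7 port 5003 ssh2
Jan  2 03:40:00 host sshd[824]: Accepted password for bob from 203.0.113.5 port 4003 ssh2
"""

# The user name field is untrusted input, so the source address is read from
# the END of the line (greedy ".*" plus the "$" anchor), not the first "from".
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s\S+\ssshd\[\d+\]:\sFailed password for .*"
    r" from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?$"
)

def offenders(log_text, year, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: time the threshold was crossed} for sources with at least
    `threshold` failed logins inside any span of length `window`."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    tripped = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        stamp = " ".join(m.group(1).split())
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip, q = m.group(2), recent[m.group(2)]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in tripped:
            tripped[ip] = when
    return tripped

def deny_rules(tripped):
    """Render FreeBSD hosts.allow-style rules; they must sit above any broader
    'sshd : ALL : allow' line, because the first matching rule wins."""
    return [f"sshd : {ip} : deny" for ip in sorted(tripped)]

if __name__ == "__main__":
    print("\n".join(deny_rules(offenders(SAMPLE_LOG, 2007))))
```

The recorded trip time is what makes the block temporary: a periodic job can drop a rule once that time plus the chosen block period has passed.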