From owner-freebsd-questions@FreeBSD.ORG Tue Jan 2 14:34:38 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D650216A416 for ; Tue, 2 Jan 2007 14:34:38 +0000 (UTC) (envelope-from heli@mikestammer.com) Received: from smtp112.sbc.mail.re2.yahoo.com (smtp112.sbc.mail.re2.yahoo.com [68.142.229.93]) by mx1.freebsd.org (Postfix) with SMTP id 6A0DA13C455 for ; Tue, 2 Jan 2007 14:34:38 +0000 (UTC) (envelope-from heli@mikestammer.com) Received: (qmail 41238 invoked from network); 2 Jan 2007 14:34:37 -0000 Received: from unknown (HELO mail.mikestammer.com) (mikestammer@sbcglobal.net@70.142.209.106 with login) by smtp112.sbc.mail.re2.yahoo.com with SMTP; 2 Jan 2007 14:34:37 -0000 X-YMail-OSG: OUIxUOAVM1nXfA9bsDM54RZfG90NHE4Q3eJejBSujZNUL267jO_I5EaQUmmuVTQQjJp2jb5xVLhDJZH5hyUfxAdpqlnX57ADDCyYrrLFe86Q0Qt2jXNA4VG1W6uH.7OUESLzeUCk4rY4BlA- Received: from localhost (localhost [127.0.0.1]) by mail.mikestammer.com (Postfix) with ESMTP id CF84A1146A; Tue, 2 Jan 2007 08:34:36 -0600 (CST) X-Virus-Scanned: amavisd-new at mikestammer.com Received: from mail.mikestammer.com ([127.0.0.1]) by localhost (gondolin.middleearth.mikestammer.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gqpbZASnf2pM; Tue, 2 Jan 2007 08:34:35 -0600 (CST) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: eric) by mail.mikestammer.com (Postfix) with ESMTP id 36D0D1141B; Tue, 2 Jan 2007 08:34:32 -0600 (CST) Message-ID: <459A6D77.5010003@mikestammer.com> Date: Tue, 02 Jan 2007 08:34:31 -0600 From: Eric User-Agent: Thunderbird 2.0b1 (Windows/20061206) MIME-Version: 1.0 To: Len Conrad References: <459A5A45.4080309@wmptl.com> <200701021505921.SM00292@TX2.Go2France.com> In-Reply-To: <200701021505921.SM00292@TX2.Go2France.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: sshd break-in attempt X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jan 2007 14:34:38 -0000 Len Conrad wrote: > >> >> In our 'periodic daily' report/email, (only the list goes on for >> hundreds of attempts). Anyhow, long story short; is there not an easy >> way to make sshd block or deny hosts temporarily if X number of >> invalid login attempts are made within a minute's time? > > to reduce the brute force attacks + voluminous logging, tell sshd to > listen on port other than 22. > > google for "tcp wrappers sshd" for examples of how to use tcp wrappers > in reactive blocking > > Len > > > check out the denyhosts port as well. works great