Date: Tue, 19 Jan 2010 08:21:24 +0100 From: Erik Norgaard <norgaard@locolomo.org> To: David Southwell <david@vizion2000.net> Cc: freebsd-questions@freebsd.org Subject: Re: /etc/hosts.deniedssh Message-ID: <4B555D74.5060001@locolomo.org> In-Reply-To: <201001182239.20153.david@vizion2000.net> References: <201001182239.20153.david@vizion2000.net>
next in thread | previous in thread | raw e-mail | index | archive | help
David Southwell wrote: > Examples from hosts.deniedssh > I seem to be on the receiving end of a concerted series of unsuccessful break > in attacks on one of our systems. One small part of the attack has resulted > in over 2000 entries in our hosts.deniedssh file in less than 1 hour. > > I would be interested in any comments on the small example shown below and any > advice. 1. see thread from last week "denying spam hosts ssh access" 2. don't resolve ips 3. do a sort, you'll see that many come from the same network, possibly the same node with a new IP, block entire ranges, blocking individual ip's is futile. 4. consider blocking in your firewall 5. don't worry, unsuccesfull attacks are - well, unsuccesfull BR, Erik -- Erik Nørgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B555D74.5060001>