Date:      Sun, 26 Sep 2004 04:33:02 -0400
From:      "David D.W. Downey" <david.downey@gmail.com>
To:        Alex de Kruijff <freebsd@akruijff.dds.nl>
Cc:        "freebsd-security@FreeBSD.ORG" <freebsd-security@freebsd.org>
Subject:   Re: Attacks on ssh port
Message-ID:  <6917b78104092601339f77948@mail.gmail.com>
In-Reply-To: <20040924214909.GA784@alex.lan>
References:  <414C2798.7060509@withagen.nl> <6917b781040918103077c76f0c@mail.gmail.com> <20040924214909.GA784@alex.lan>

On Fri, 24 Sep 2004 23:49:09 +0200, Alex de Kruijff
<freebsd@akruijff.dds.nl> wrote:
> >
> > Then you can still see the attempts (and thus log the IP information
> > for contacting the abuse@ for the responsible IP controller) while
> > limiting your log sizes.
>
> This only logs the first three catches (when the log attribute is set)
> per rule. You may want to set this a little higher like 100.
>

While I agree my example of 3 was low (meant only to instruct), I would
say more along the lines of 25. If someone is hitting you 25 times in
a row and getting tagged by that rule, you can bet your butt it's not
a client of yours.

-- 
David D.W. Downey


