Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 Sep 2006 19:26:13 -0700
From:      soralx@cydem.org
To:        freebsd-chat@freebsd.org
Subject:   Re: Party
Message-ID:  <200609271926.14172.soralx@cydem.org>
In-Reply-To: <5dc6f198bfa0075cef0c190d90351273@FreeBSD.org>
References:  <20060920104047.GA49442@splork.wirewater.yow> <451A5C6F.5040001@sbcglobal.net> <5dc6f198bfa0075cef0c190d90351273@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help

> garbage, in my inbox.  It seems after every ssh-bruteforce wave, 
> there's a spike in spam distribution.  So the problem just keeps 
> showing up.  To me, it seems like there's hordes of vandals running 
> about torching the town, and generally causing havoc.   I guess I just 

What can be done to keep the logs neat (i.e., free from the ssh-bruteforce
garbage) is this: for a given number of login failures (e.g., 8), add an
ipfw rule that blocks all traffic from the offending IP#. Of course, this
has got to be automatized (script?). I used to add the rules manually, as
an experiment, and I found that attacks from one IP# do repeat, though
very seldom (the period may be as long as a few months). The rule list
will grows without bounds :( I figure, this reduces the amount of recieved
spam slightly too.
Yes, not a novel idea (to phrase it soflty); yet, I actually tested it,
found that there's net gain from doing that (as small as it may be),
and no noticeable bad consequences.

[SorAlx]  ridin' VN1500-B2



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200609271926.14172.soralx>