From: soralx@cydem.org
Date: Wed, 27 Sep 2006 19:26:13 -0700
To: freebsd-chat@freebsd.org
Subject: Re: Party
Message-id: <200609271926.14172.soralx@cydem.org>
In-reply-to: <5dc6f198bfa0075cef0c190d90351273@FreeBSD.org>
References: <20060920104047.GA49442@splork.wirewater.yow> <451A5C6F.5040001@sbcglobal.net> <5dc6f198bfa0075cef0c190d90351273@FreeBSD.org>
List-Id: Non technical items related to the community

> garbage, in my inbox. It seems after every ssh-bruteforce wave,
> there's a spike in spam distribution. So the problem just keeps
> showing up. To me, it seems like there's hordes of vandals running
> about torching the town, and generally causing havoc. I guess I just

What can be done to keep the logs neat (i.e., free from the
ssh-bruteforce garbage) is this: for a given number of login failures
(e.g., 8), add an ipfw rule that blocks all traffic from the offending
IP#. Of course, this has got to be automatized (script?).

I used to add the rules manually, as an experiment, and I found that
attacks from one IP# do repeat, though very seldom (the period may be
as long as a few months). The rule list will grow without bounds :(
I figure, this reduces the amount of received spam slightly too.

Yes, not a novel idea (to phrase it softly); yet, I actually tested
it, found that there's net gain from doing that (as small as it may
be), and no noticeable bad consequences.

[SorAlx] ridin' VN1500-B2
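
The automation the message asks for, as an added example that is not part of the original post: a sh/awk filter that counts failed sshd password logins per source address and prints, without running them, the ipfw rules for addresses that reach the threshold of 8. The OpenSSH log-line layout, the function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes the OpenSSH line
# "... sshd[PID]: Failed password for USER from ADDR port N ssh2", IPv4 only.

THRESHOLD=8   # failures before blocking (the example value in the message)

# offenders [threshold]: auth log on stdin, one offending address per line.
offenders() {
    awk -v limit="${1:-$THRESHOLD}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Read the address from the END of the line: the user name is
            # attacker-controlled and may itself contain "from 192.0.2.10".
            ip = $(NF - 3)
            if ($(NF - 4) == "from" && $(NF - 2) == "port" &&
                ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                count[ip]++
        }
        END { for (ip in count) if (count[ip] >= limit) print ip }
    ' | sort
}

# block_commands [threshold]: print (do not run) one ipfw rule per offender.
block_commands() {
    offenders "$@" | while read -r ip; do
        echo "ipfw -q add deny ip from $ip to any"
    done
}

# Constructed sample log: two sources with 8 failures each (one of them
# hiding behind a spoofed user name), one source with a single failure.
sample_log() {
    i=0
    while [ "$i" -lt 8 ]; do
        echo "Sep 27 19:00:0$i host sshd[100$i]: Failed password for invalid user admin from 203.0.113.5 port 4000$i ssh2"
        echo "Sep 27 19:00:0$i host sshd[200$i]: Failed password for invalid user root from 192.0.2.10 from 198.51.100.7 port 5000$i ssh2"
        i=$((i + 1))
    done
    echo "Sep 27 19:01:00 host sshd[3000]: Failed password for root from 198.51.100.99 port 50100 ssh2"
    echo "Sep 27 19:01:05 host sshd[3001]: Accepted password for alice from 192.0.2.10 port 50001 ssh2"
}

sample_log | block_commands
```

The script only prints the rules, so the list can be reviewed (and trusted addresses removed) before anything is handed to ipfw.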