From owner-freebsd-questions@FreeBSD.ORG Wed Jan 3 12:11:21 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4D9A016A416 for ; Wed, 3 Jan 2007 12:11:21 +0000 (UTC) (envelope-from petern@africaonline.co.zw) Received: from smtp.africaonline.co.zw (smtp.africaonline.co.zw [216.104.192.7]) by mx1.freebsd.org (Postfix) with ESMTP id BC87113C428 for ; Wed, 3 Jan 2007 12:11:19 +0000 (UTC) (envelope-from petern@africaonline.co.zw) Received: from smtp.africaonline.co.zw (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id ACB3322047; Wed, 3 Jan 2007 13:49:30 +0200 (SAST) Received: from firewall.petergunz.africaonline.co.zw (unknown [216.104.192.14]) by smtp.africaonline.co.zw (Postfix) with ESMTP id E9CA81DC9B; Wed, 3 Jan 2007 13:49:29 +0200 (SAST) From: Peter Nyamukusa Organization: Africa Online Zimbabwe To: freebsd-questions@freebsd.org Date: Wed, 3 Jan 2007 13:49:07 +0200 User-Agent: KMail/1.8.2 References: <459A5A45.4080309@wmptl.com> <200701021505921.SM00292@TX2.Go2France.com> <459A6D77.5010003@mikestammer.com> In-Reply-To: <459A6D77.5010003@mikestammer.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200701031349.08991.petern@africaonline.co.zw> X-PMX-Version: 5.3.0.289146, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2007.1.3.33433 X-PerlMx-Spam: Gauge=IIIIIII, Probability=7%, Report='RDNS_GENERIC_POOLED 0, RDNS_SUSP_GENERIC 0, __CD 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CTYPE_CHARSET_QUOTED 0, __CT_TEXT_PLAIN 0, __FRAUD_419_LOC 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __USER_AGENT 0' Cc: Len Conrad Subject: Re: sshd break-in attempt X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: petern@africaonline.co.zw List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jan 2007 12:11:21 -0000 On Tuesday 02 January 2007 16:34, Eric wrote: Hi, Why don't you use the /etc/rc.firewall, its a good firewall too. > Len Conrad wrote: > >> In our 'periodic daily' report/email, (only the list goes on for > >> hundreds of attempts). Anyhow, long story short; is there not an easy > >> way to make sshd block or deny hosts temporarily if X number of > >> invalid login attempts are made within a minute's time? > > > > to reduce the brute force attacks + voluminous logging, tell sshd to > > listen on port other than 22. > > > > google for "tcp wrappers sshd" for examples of how to use tcp wrappers > > in reactive blocking > > > > Len > > check out the denyhosts port as well. works great > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" =2D-=20 Peter Nyamukusa Systems Administrator Africa Online Zimbabwe Tel: =A0 =A0+263-4-250890 =46ax: =A0 =A0+263-4-702203 E-mail: petern@africaonlineco.zw AIM: =A0 petenya Africa Online Disclaimer and Confidentiality Note=20 This e-mail, its attachments and any rights attaching hereto are,=20 unless the context clearly indicates otherwise, the property of=20 Africa Online Holdings (Mauritius) Limited and/or its subsidiaries=20 ("the Group"). It is confidential and intended for the addressee=20 only. Should you not be the addressee and have received this e-mail=20 by mistake, kindly notify the sender, delete this e-mail=20 immediately and do not disclose or use the same in any manner=20 whatsoever. Views and opinions expressed in this e-mail are those=20 of the sender unless clearly stated as those of the Group. The=20 Group accepts no liability whatsoever for any loss or damages,=20 however incurred, resulting from the use of this e-mail or its=20 attachments. The Group does not warrant the integrity of this=20 e-mail, nor that it is free of errors, viruses, interception or=20 interference. For more information about Africa Online, please=20 visit our website at http://www.africaonline.com