Date: Sun, 19 Sep 2004 19:32:49 +1000
From: Mikhail Goriachev <mikhailg@webanoide.org>
To: Antony Mawer <fbsd-security@mawer.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Attacks on ssh port
Message-ID: <414D5241.9020901@webanoide.org>
In-Reply-To: <414CE5E8.6000103@mawer.org>
References: <20040918142955.61586.qmail@web51007.mail.yahoo.com> <414CE5E8.6000103@mawer.org>

Antony Mawer wrote:
> Chris Ryan wrote:
>
>>protection - with the appropriate active firewall that
>>blocks their IP address after x failed attempts
>>permanently....
>
>
> Has anyone found any good scripts or utilities for automating this kind
> of thing? I too have been subject to these probings, and my initial
> thought was to firewall off any address after any number of incorrect
> attempts.
>
> While I could write a script to parse the ipfilter logs, I didn't want
> to go re-inventing the wheel for something which I was sure someone
> would have already attempted.
>
> Anyone have any suggestions?
>
> Cheers
> Antony

Is it actually a good idea to block those IPs? I get lots of attacks too
on a daily basis on my machines for: root, man, smmsp, nobody, bin, daemon,
tty, uucp, mailnull, you-name-it etc. For several weeks I sent e-mails to
abuse@{$attack-coming-from-x-network}.{$domain} and 0.01% of them replied.
However, the attacks never come from the same networks nor IPs.

My 2 cents.

Cheers,
Mikhail
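
Added example, not part of the original message or of any tool named in the thread: a tally of failed sshd logins per source address and per network, showing which sources a "block after x failed attempts" rule would catch and which stay under it when the attempts are spread across addresses. It assumes sshd syslog lines of the form "Failed password for ... from ... port"; the log lines are constructed, and the function names, the /24 grouping and the threshold of 3 are illustrative choices.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in sshd's syslog format (documentation address ranges).
SAMPLE_LOG = """\
Sep 19 03:12:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Sep 19 03:12:03 host sshd[4103]: Failed password for root from 192.0.2.10 port 40115 ssh2
Sep 19 03:12:05 host sshd[4105]: Failed password for illegal user man from 192.0.2.10 port 40119 ssh2
Sep 19 03:12:08 host sshd[4107]: Failed password for bin from 192.0.2.10 port 40123 ssh2
Sep 19 04:40:17 host sshd[4230]: Failed password for daemon from 198.51.100.7 port 51022 ssh2
Sep 19 04:40:19 host sshd[4232]: Failed password for invalid user uucp from 198.51.100.8 port 51030 ssh2
Sep 19 04:40:22 host sshd[4234]: Failed password for nobody from 198.51.100.9 port 51041 ssh2
Sep 19 05:02:44 host sshd[4301]: Accepted password for alice from 203.0.113.5 port 60001 ssh2
Sep 19 05:10:02 host sshd[4310]: Failed password for root from 203.0.113.77 port 33100 ssh2
"""

# Older sshd versions log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(\S+) from (\S+) port"
)

def tally_failures(log_text):
    """Return (failures per source IP, failures per enclosing /24 or /64)."""
    per_ip, per_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # source logged as a hostname or malformed; skip it
        per_ip[str(ip)] += 1
        prefix = 24 if ip.version == 4 else 64
        per_net[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return per_ip, per_net

def over_threshold(counts, threshold):
    """Sources with at least `threshold` failures, i.e. the block candidates."""
    return sorted(src for src, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    per_ip, per_net = tally_failures(SAMPLE_LOG)
    print("block candidates by IP :", over_threshold(per_ip, 3))
    print("block candidates by /24:", over_threshold(per_net, 3))
```

In the sample, the three single attempts from 198.51.100.7 to .9 never reach a per-address threshold and only show up when grouped by network, while the lone attempt from 203.0.113.77 is caught by neither rule.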