From: artware
To: freebsd-questions@freebsd.org
Date: Mon, 10 Jan 2005 00:20:11 -0600
Subject: Blacklisting IPs
In-Reply-To: <20050110035717.27062.qmail@web41008.mail.yahoo.com>

Hello again,

My 5.3R system has only been up a little over a week, and I've already had a few break-in attempts -- they show up as Illegal user tests in the /var/log/auth.log...

It looks like they're trying common login names (probably with the login name used as passwd). It takes them hours to try a dozen names, but I'd rather not have any traffic from these folks. Is there any way to blacklist IPs at the system level, or do I have to hack something together for each daemon?

- ben
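
One way to turn the auth.log entries described above into a candidate block list, as an added example that is not part of the original post. It assumes the entries are sshd lines of the form `Illegal user NAME from ADDR`; `sample_log` and `offenders` are hypothetical names, and the log lines are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Constructed sample in the assumed sshd format "Illegal user NAME from ADDR".
# The fourth line carries a login name crafted to look like a source address.
sample_log() {
cat <<'EOF'
Jan  9 21:02:11 host sshd[4101]: Illegal user test from 192.0.2.44
Jan  9 21:14:37 host sshd[4117]: Illegal user guest from 192.0.2.44
Jan  9 21:31:02 host sshd[4130]: Illegal user admin from 192.0.2.44
Jan  9 22:05:48 host sshd[4188]: Illegal user x from 198.51.100.9 from 203.0.113.7
Jan  9 22:40:19 host sshd[4203]: Failed password for alice from 198.51.100.9 port 4022 ssh2
Jan  9 23:01:55 host sshd[4230]: Illegal user oracle from 203.0.113.7
EOF
}

# offenders [THRESHOLD]: read auth.log lines on stdin and print "count addr"
# for every source with at least THRESHOLD (default 3) Illegal user entries,
# highest count first.
offenders() {
    awk -v min="${1:-3}" '
        / sshd\[[0-9]+\]: Illegal user / {
            # The login name is chosen by the remote side and may contain
            # " from <addr>", so trust only the final "from ADDR" pair.
            if ($(NF - 1) != "from") next
            ip = $NF
            # Accept only a dotted-quad IPv4 address, so nothing else from
            # the log can end up in a firewall rule.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}
```

Run it as `offenders 3 < /var/log/auth.log`; the addresses it prints can then be loaded into a packet-filter table or rule set, which drops their traffic for every daemon at once.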