From: Lowell Gilbert
To: Joachim Dagerot
cc: freebsd-questions@freebsd.org
Date: 11 Oct 2004 17:58:13 -0400
Subject: Re: 'blacklisting' an IP-address after several loginfailures?
Message-ID: <44hdp0534a.fsf@be-well.ilk.org>
In-Reply-To: <200410112138.i9BLcep06705@thunder.trej.net>

Joachim Dagerot writes:

> I'm under attack!
>
> I have pages up and down with failed login attempts, usually they are
> trying to hack the root account (which simply can't be used to get in
> by SSH) but they are also trying to access the system with various
> usernames (brute force).
>
> Is it easy to load a package that simply adds a deny entry for each IP
> that has failed to login for X amounts of tries?

See the "MaxStartups" option for configuring sshd. This is somewhat
similar to what you were describing, but without the downside of
giving an attacker the ability to lock some victim out of access to
your machine.
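
An added example, not part of the original message: a small model of how the "start:rate:full" form of MaxStartups decides whether to refuse a new connection, following the sshd_config man page description. The value 10:30:60 and the function names are assumptions chosen for illustration. The decision uses only the number of unauthenticated connections, never the source address.

```python
# Added example: models the documented "start:rate:full" behaviour of MaxStartups.
# "10:30:60" is a constructed sample value, not a setting taken from the thread.

def parse_max_startups(value):
    """Parse 'N' or 'start:rate:full' as it would be written in sshd_config."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        full = int(parts[0])
        start, rate = full, 100          # single number: hard cap, no early drop
    elif len(parts) == 3:
        start, rate, full = (int(p) for p in parts)
    else:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    if not (0 < start <= full and 1 <= rate <= 100):
        raise ValueError("inconsistent MaxStartups value %r" % value)
    return start, rate, full


def drop_percent(unauthenticated, start, rate, full):
    """Percent chance that the next connection is refused.

    Below 'start' nothing is refused; at 'start' the chance is 'rate' percent
    and it rises linearly until every connection is refused at 'full'.
    The source IP address is not an input to this decision.
    """
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


def ramp(value, counts):
    """Return (count, drop percent) pairs for a MaxStartups setting."""
    start, rate, full = parse_max_startups(value)
    return [(n, drop_percent(n, start, rate, full)) for n in counts]


if __name__ == "__main__":
    for n, pct in ramp("10:30:60", [5, 10, 35, 59, 60]):
        print("%3d unauthenticated connections -> %3d%% of new ones refused" % (n, pct))
```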