From owner-freebsd-questions@FreeBSD.ORG Tue Sep 28 16:36:19 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC92A16A4CE for ; Tue, 28 Sep 2004 16:36:19 +0000 (GMT) Received: from ms-smtp-01-eri0.ohiordc.rr.com (ms-smtp-01-smtplb.ohiordc.rr.com [65.24.5.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A6A143D2F for ; Tue, 28 Sep 2004 16:36:19 +0000 (GMT) (envelope-from dmehler26@woh.rr.com) Received: from satellite (dhcp065-031-041-029.woh.rr.com [65.31.41.29]) i8SGaGJW024751 for ; Tue, 28 Sep 2004 12:36:16 -0400 (EDT) Message-ID: <001f01c4a57a$440d4510$0200a8c0@satellite> From: "dave" To: Date: Tue, 28 Sep 2004 12:43:21 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: connections from dialup IP's X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Sep 2004 16:36:20 -0000 Hello, Last evening i had a pretty determined dialup user try to ssh in to my system as root, the logs showed he tried for over 15 minutes. What i'd like to know is is there a way of dropping a connection from an IP if it connects more than x times in a minute? Or any other suggestions of dealing with this? I did a host lookup on the IP, 211.206.125.39 which came back not found which kind of tells me he got offline. Suggestions welcome. Also i'm not familiar with the .kr domain i'd like to block connections from that one as well, same reason this one 4 minutes 165.132.58.56 Thanks. Dave.