Date: Tue, 28 Sep 2004 12:47:59 -0400 From: Bill Moran <wmoran@potentialtech.com> To: "dave" <dmehler26@woh.rr.com> Cc: freebsd-questions@freebsd.org Subject: Re: connections from dialup IP's Message-ID: <20040928124759.64539196.wmoran@potentialtech.com> In-Reply-To: <001f01c4a57a$440d4510$0200a8c0@satellite> References: <001f01c4a57a$440d4510$0200a8c0@satellite>
next in thread | previous in thread | raw e-mail | index | archive | help
"dave" <dmehler26@woh.rr.com> wrote: > Hello, > Last evening i had a pretty determined dialup user try to ssh in to my > system as root, the logs showed he tried for over 15 minutes. What i'd like > to know is is there a way of dropping a connection from an IP if it connects > more than x times in a minute? Or any other suggestions of dealing with > this? I did a host lookup on the IP, 211.206.125.39 > which came back not found which kind of tells me he got offline. Suggestions > welcome. > Also i'm not familiar with the .kr domain i'd like to block connections > from that one as well, same reason this one 4 minutes 165.132.58.56 A whois lookup will tell you what IPs belong to a particular domain. You can then use the technique of your choice to block them, whether it be packet filter or host.allow-like functionality. I usually just add an ipfw rule, myself, but you've got lots of choices. -- Bill Moran Potential Technologies http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040928124759.64539196.wmoran>