Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Sep 2006 09:45:46 -0700
From:      David King <dking@ketralnis.com>
To:        freebsd-chat@freebsd.org
Subject:   Re: Party
Message-ID:  <25347309-F852-4E2D-8819-0B05E610E1F0@ketralnis.com>
In-Reply-To: <200609271926.14172.soralx@cydem.org>
References:  <20060920104047.GA49442@splork.wirewater.yow> <451A5C6F.5040001@sbcglobal.net> <5dc6f198bfa0075cef0c190d90351273@FreeBSD.org> <200609271926.14172.soralx@cydem.org>

next in thread | previous in thread | raw e-mail | index | archive | help
> What can be done to keep the logs neat (i.e., free from the ssh- 
> bruteforce
> garbage) is this: for a given number of login failures (e.g., 8),  
> add an
> ipfw rule that blocks all traffic from the offending IP#. Of  
> course, this
> has got to be automatized (script?).

I find security/sshit works well for this, it reads a tail pipe out  
of syslog and add ipfw rules (and can time them out)


> I used to add the rules manually, as
> an experiment, and I found that attacks from one IP# do repeat, though
> very seldom (the period may be as long as a few months). The rule list
> will grows without bounds :( I figure, this reduces the amount of  
> recieved
> spam slightly too.
> Yes, not a novel idea (to phrase it soflty); yet, I actually tested  
> it,
> found that there's net gain from doing that (as small as it may be),
> and no noticeable bad consequences.
>
> [SorAlx]  ridin' VN1500-B2
> _______________________________________________
> freebsd-chat@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-chat
> To unsubscribe, send any mail to "freebsd-chat- 
> unsubscribe@freebsd.org"

--
David King
Computer Programmer
Ketralnis Systems





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?25347309-F852-4E2D-8819-0B05E610E1F0>