From: David King
Date: Thu, 28 Sep 2006 09:45:46 -0700
To: freebsd-chat@freebsd.org
Subject: Re: Party

> What can be done to keep the logs neat (i.e., free from the ssh-bruteforce
> garbage) is this: for a given number of login failures (e.g., 8), add an
> ipfw rule that blocks all traffic from the offending IP#. Of course, this
> has got to be automatized (script?).

I find security/sshit works well for this, it reads a tail pipe out of syslog and adds ipfw rules (and can time them out).

> I used to add the rules manually, as
> an experiment, and I found that attacks from one IP# do repeat, though
> very seldom (the period may be as long as a few months). The rule list
> will grow without bounds :( I figure, this reduces the amount of received
> spam slightly too.
> Yes, not a novel idea (to phrase it softly); yet, I actually tested it,
> found that there's net gain from doing that (as small as it may be),
> and no noticeable bad consequences.
>
> [SorAlx] ridin' VN1500-B2

--
David King
Computer Programmer
Ketralnis Systems
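
The approach discussed in this thread (count failed logins per source address, block at a threshold, time the block out), as an added example that is not part of the original message and is not sshit's code. It assumes OpenSSH-style "Failed password" log lines, ipfw table 1 behind a static deny rule, and a one-hour timeout; the Blocker class and its method names are hypothetical, and the ipfw commands are returned as strings rather than executed.

```python
import ipaddress
import re
from collections import defaultdict

THRESHOLD = 8          # failures before blocking (the "e.g., 8" from the thread)
BLOCK_SECONDS = 3600   # assumed timeout; not from the thread
TABLE = 1              # assumed ipfw table, paired with a static rule such as:
                       #   ipfw add deny ip from "table(1)" to any

# Anchored at end of line and greedy on the user name, so the address is taken
# from the part sshd writes, never from the client-supplied user name field.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh\d)?\s*$")

class Blocker:
    def __init__(self):
        self.failures = defaultdict(int)  # ip -> failures seen so far
        self.blocked = {}                 # ip -> expiry (epoch seconds)

    def expire(self, now):
        """Return delete commands for blocks whose timeout has passed."""
        done = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in done:
            del self.blocked[ip]
        return [f"ipfw table {TABLE} delete {ip}" for ip in done]

    def feed(self, now, line):
        """Process one syslog line; return the ipfw commands it triggers."""
        cmds = self.expire(now)
        m = FAIL_RE.search(line)
        if not m:
            return cmds
        try:
            ip = str(ipaddress.ip_address(m.group(1)))  # reject non-addresses
        except ValueError:
            return cmds
        if ip in self.blocked:
            return cmds
        self.failures[ip] += 1
        if self.failures[ip] >= THRESHOLD:
            del self.failures[ip]
            self.blocked[ip] = now + BLOCK_SECONDS
            cmds.append(f"ipfw table {TABLE} add {ip}")
        return cmds

def demo():
    # Constructed sample line (documentation address range).
    line = ("Sep 28 09:40:01 host sshd[312]: Failed password for root "
            "from 203.0.113.7 port 4022 ssh2")
    b, out = Blocker(), []
    for i in range(THRESHOLD):
        out += b.feed(1000 + i, line)
    return out + b.feed(1000 + THRESHOLD + BLOCK_SECONDS, "unrelated")
```

Expiring entries keeps the table bounded, which addresses the unbounded rule list mentioned in the quoted text; the failure count here is cumulative per address rather than windowed.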