Date: Tue, 28 Sep 2004 18:13:09 +0100
From: "R. W." <list-freebsd-2004@morbius.sent.com>
To: freebsd-questions@freebsd.org
Subject: Re: connections from dialup IP's
Message-ID: <200409281813.09398.list-freebsd-2004@morbius.sent.com>
In-Reply-To: <001f01c4a57a$440d4510$0200a8c0@satellite>
References: <001f01c4a57a$440d4510$0200a8c0@satellite>

On Tuesday 28 September 2004 17:43, dave wrote:
> Hello,
> Last evening I had a pretty determined dialup user try to ssh in
> to my system as root, the logs showed he tried for over 15 minutes.
> What I'd like to know is is there a way of dropping a connection from
> an IP if it connects more than x times in a minute? Or any other
> suggestions of dealing with this? I did a host lookup on the IP,
> 211.206.125.39
> which came back not found which kind of tells me he got offline.
> Suggestions welcome.
> Also I'm not familiar with the .kr domain I'd like to block
> connections from that one as well, same reason this one 4 minutes
> 165.132.58.56 Thanks.

One thing I think you should do is edit sshd_config to disallow direct root
logins, I thought that was the default. You can still su to root, unless you
disallow the wheel group. I have it set up so users have to be in a dedicated
ssh-users group.

I think you can force sshd to use login, which gives you some back-off options
(see man login.conf).

Another thing is to configure your firewall to allow ssh only from specified
hosts or IP ranges. Take a look at the ipfw articles here:

http://www.onlamp.com/topics/bsd/firewalls
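
Added example, not part of the original message or of any FreeBSD tool: a Python check for the "more than x times in a minute" condition asked about in the quoted question, run over constructed sshd log lines. The function name, thresholds, log host name and sample addresses (RFC 5737 documentation ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in syslog/sshd style; not taken from the thread.
SAMPLE_LOG = """\
Sep 27 21:04:01 host sshd[411]: Failed password for root from 203.0.113.7 port 4101 ssh2
Sep 27 21:04:09 host sshd[412]: Failed password for root from 203.0.113.7 port 4102 ssh2
Sep 27 21:04:20 host sshd[413]: Failed password for root from 203.0.113.7 port 4103 ssh2
Sep 27 21:04:31 host sshd[414]: Failed password for root from 203.0.113.7 port 4104 ssh2
Sep 27 21:04:44 host sshd[415]: Failed password for root from 203.0.113.7 port 4105 ssh2
Sep 27 21:10:00 host sshd[420]: Failed password for root from 198.51.100.9 port 3301 ssh2
Sep 27 21:11:30 host sshd[421]: Failed password for root from 198.51.100.9 port 3302 ssh2
Sep 27 21:13:00 host sshd[422]: Failed password for root from 198.51.100.9 port 3303 ssh2
Sep 27 21:14:00 host sshd[423]: Accepted password for alice from 192.0.2.10 port 5000 ssh2
"""

# Matches sshd password-failure lines, including the "invalid user" and
# older "illegal user" variants.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user |illegal user )?\S+ "
    r"from (\d+\.\d+\.\d+\.\d+)"
)


def noisy_sources(log_text, max_per_window=3,
                  window=timedelta(minutes=1), year=2004):
    """Return {ip: peak count} for sources with more than max_per_window
    failed logins inside any sliding window of the given length."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successes and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is assumed.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(when)
        while when - q[0] >= window:
            q.popleft()           # drop attempts older than the window
        if len(q) > max_per_window:
            peaks[m.group(2)] = max(peaks.get(m.group(2), 0), len(q))
    return peaks


if __name__ == "__main__":
    print(noisy_sources(SAMPLE_LOG))
```

The slower source in the sample (one attempt every 90 seconds) stays under a per-minute threshold, so a rate check like this complements the root-login and firewall restrictions suggested in the reply and does not replace them.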