Date: Mon, 10 Jan 2005 10:41:03 -0600
From: Kevin Kinsey <kdk@daleco.biz>
To: artware <artware@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Blacklisting IPs
Message-ID: <41E2B01F.40702@daleco.biz>
In-Reply-To: <fd091951050109222052228399@mail.gmail.com>
References: <20050110035717.27062.qmail@web41008.mail.yahoo.com> <fd091951050109222052228399@mail.gmail.com>

artware wrote:

>Hello again,
>
>My 5.3R system has only been up a little over a week, and I've already
>had a few break-in attempts -- they show up as Illegal user tests in
>the /var/log/auth.log... It looks like they're trying common login
>names (probably with the login name used as passwd). It takes them
>hours to try a dozen names, but I'd rather not have any traffic from
>these folks. Is there any way to blacklist IPs at the system level, or
>do I have to hack something together for each daemon?
>
>- ben
>

/etc/hosts.allow?

There were a lot of varying ideas in a thread titled "blacklisting
failed ssh attempts" on this list about Dec. 1st --- perhaps you can
gain some wisdom there.

I don't know that it's much to worry about, just a bot looking for
lame passwords on Linux boxen. There are a number of possible
responses, and the likelihood of a successful "attack" via this
mechanism seems slim....

Kevin Kinsey
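
An added example, not part of the original message: one way to act on the /etc/hosts.allow suggestion is to count the "Illegal user" entries per source address and print a tcp_wrappers deny rule for each repeat offender. The log lines are constructed, and the function names `sample_log` and `deny_rules` and the threshold of 3 are assumptions.

```sh
#!/bin/sh
# Added example: derive /etc/hosts.allow deny rules from sshd
# "Illegal user" entries of the kind seen in /var/log/auth.log.

# Constructed sample log (documentation addresses, not real hosts).
sample_log() {
cat <<'EOF'
Jan  9 03:12:41 host sshd[4021]: Illegal user test from 192.0.2.10
Jan  9 03:12:44 host sshd[4023]: Failed password for illegal user test from 192.0.2.10 port 41022 ssh2
Jan  9 03:19:02 host sshd[4030]: Illegal user admin from 192.0.2.10
Jan  9 03:25:37 host sshd[4036]: Illegal user guest from 192.0.2.10
Jan  9 04:01:10 host sshd[4050]: Illegal user oracle from 198.51.100.7
Jan  9 04:30:00 host sshd[4061]: Accepted password for ben from 203.0.113.5 port 50211 ssh2
Jan  9 05:02:13 host sshd[4070]: Illegal user x from 203.0.113.5 from 198.51.100.7
EOF
}

# deny_rules MIN: read a log on stdin, print one deny rule for every
# address with at least MIN "Illegal user" entries.
deny_rules() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Illegal user / {
            # The user name is text chosen by the remote side and may
            # contain spaces, so read the address from the last field
            # and accept it only if it looks like dotted-quad IPv4.
            ip = $NF
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print "sshd : " ip " : deny"
        }' | LC_ALL=C sort
}

# Rules for addresses with three or more attempts in the sample.
sample_log | deny_rules 3
```

tcp_wrappers uses the first matching rule, so the generated lines must sit above any broader `allow` entry in /etc/hosts.allow, including the `ALL : ALL : allow` line at the top of the stock FreeBSD file. On a live system the input would be `/var/log/auth.log` instead of `sample_log`.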