Date: Wed, 08 Sep 2004 07:36:45 -0500
From: Chris <racerx@makeworld.com>
To: John Mills <john.m.mills@alum.mit.edu>
Cc: Mike Galvez <hoosyerdaddy@virginia.edu>
Subject: Re: Tar pitting automated attacks
Message-ID: <413EFCDD.9030703@makeworld.com>
In-Reply-To: <Pine.LNX.4.44.0409080728520.5289-100000@otter.localdomain>
References: <Pine.LNX.4.44.0409080728520.5289-100000@otter.localdomain>

John Mills wrote:
> Ahh -
>
> Exactly the scenario here, except the names were different (but similar)
> and the source IP was: 64.124.210.23
>
> Thanks.
>
> On Wed, 8 Sep 2004, Jonathan Chen wrote:
>
>> On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote:
>>
>>> I am seeing a lot of automated attacks lately against sshd such as:
>>>
>>
>> [...]
>
>>> Sep 6 12:16:39 www sshd[29901]: Failed password for illegal user server from 159.134.244.189 port 4044 ssh2
>>> Sep 6 12:16:41 www sshd[29902]: Failed password for illegal user adam from 159.134.244.189 port 4072 ssh2
> ... etc
>
>>> Is there a method to make this more expensive to the attacker, such as
>>> tar-pitting?
>
>> Put in an ipfw block on the netblock/country. At the very least it will
>> make it pretty slow for the initial TCP handshake.
>
> - John Mills
> john.m.mills@alum.mit.edu

I really wish people would stop top posting.

--
Best regards,
Chris

Flynn is dead
Tron is dead
long live the MCP.
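
Added example, not part of the original thread: one way to turn sshd lines like those quoted above into per-address ipfw deny rules for port 22. The threshold, the rule numbers starting at 1000, and every sample line marked "constructed" are assumptions; the username is parsed from the end of the line because it is supplied by the remote client.

```python
import ipaddress
import re
from collections import defaultdict

# Anchored at end of line with a greedy username, so a username that itself
# contains " from <ip> port N ssh2" cannot redirect the block to another address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(.*) "
    r"from (\S+) port \d+ ssh2$"
)

SAMPLE = [
    # first two lines are the ones quoted in the thread
    "Sep  6 12:16:39 www sshd[29901]: Failed password for illegal user server from 159.134.244.189 port 4044 ssh2",
    "Sep  6 12:16:41 www sshd[29902]: Failed password for illegal user adam from 159.134.244.189 port 4072 ssh2",
    # constructed lines (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges)
    "Sep  6 12:16:43 www sshd[29903]: Failed password for root from 159.134.244.189 port 4101 ssh2",
    "Sep  6 12:17:01 www sshd[29909]: Failed password for illegal user guest from 192.0.2.7 port 4099 ssh2",
    "Sep  6 12:17:02 www sshd[29910]: Failed password for illegal user x from 198.51.100.5 port 22 ssh2 from 192.0.2.7 port 4100 ssh2",
]

def offenders(lines, threshold=3):
    """Return {source_ip: sorted usernames} for sources with >= threshold failures."""
    counts, users = defaultdict(int), defaultdict(set)
    for line in lines:
        m = FAILED.search(line.strip())
        if not m:
            continue
        user, src = m.groups()
        try:
            ip = str(ipaddress.ip_address(src))  # only literal IPs reach the rules
        except ValueError:
            continue
        counts[ip] += 1
        users[ip].add(user)
    return {ip: sorted(users[ip]) for ip, n in counts.items() if n >= threshold}

def ipfw_rules(ips, start=1000):
    """Render one ipfw deny rule per address for TCP port 22."""
    return [f"ipfw add {start + i} deny tcp from {ip} to any 22"
            for i, ip in enumerate(sorted(ips))]

if __name__ == "__main__":
    for rule in ipfw_rules(offenders(SAMPLE)):
        print(rule)
```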