Date:      Thu, 28 Sep 2006 10:19:42 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-chat@freebsd.org
Subject:   Re: Party
Message-ID:  <200609281019.42614.jhb@freebsd.org>
In-Reply-To: <200609271926.14172.soralx@cydem.org>
References:  <20060920104047.GA49442@splork.wirewater.yow> <5dc6f198bfa0075cef0c190d90351273@FreeBSD.org> <200609271926.14172.soralx@cydem.org>

On Wednesday 27 September 2006 22:26, soralx@cydem.org wrote:
> 
> > garbage, in my inbox.  It seems after every ssh-bruteforce wave, 
> > there's a spike in spam distribution.  So the problem just keeps 
> > showing up.  To me, it seems like there's hordes of vandals running 
> > about torching the town, and generally causing havoc.   I guess I just 
> 
> What can be done to keep the logs neat (i.e., free from the ssh-bruteforce
> garbage) is this: for a given number of login failures (e.g., 8), add an
> ipfw rule that blocks all traffic from the offending IP#. Of course, this
> has got to be automatized (script?). I used to add the rules manually, as
> an experiment, and I found that attacks from one IP# do repeat, though
> very seldom (the period may be as long as a few months). The rule list
> will grow without bounds :( I figure, this reduces the amount of received
> spam slightly too.
> Yes, not a novel idea (to phrase it softly); yet, I actually tested it,
> found that there's net gain from doing that (as small as it may be),
> and no noticeable bad consequences.

ports/security/bruteblock (there's another one for pf, this one is for ipfw)

-- 
John Baldwin
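
The threshold-and-block idea discussed in this thread, as an added example that is not code from either poster or from bruteblock: it counts failed sshd logins per address in constructed log lines and emits ipfw table commands, expiring old entries so the list stays bounded. The table number, the one-week lifetime and the use of the table value to hold the expiry time are assumptions of this example.

```python
import re
from collections import Counter

THRESHOLD = 8                  # failures before blocking (the figure in the message)
BLOCK_SECONDS = 7 * 24 * 3600  # assumed lifetime of a block
TABLE = 1                      # assumed ipfw table number

# Anchored at end of line: greedy ".*" means the last "from <ip> port <n>" wins,
# so text inside a user name cannot pick the address that gets blocked.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def count_failures(lines):
    """Count failed-password log lines per source address."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def plan(lines, blocked, now):
    """Return ipfw commands; `blocked` maps ip -> expiry epoch and is updated."""
    cmds = []
    for ip, expiry in sorted(blocked.items()):
        if expiry <= now:                       # expire old blocks first
            cmds.append(f"ipfw table {TABLE} delete {ip}")
            del blocked[ip]
    for ip, n in sorted(count_failures(lines).items()):
        if n >= THRESHOLD and ip not in blocked:
            blocked[ip] = now + BLOCK_SECONDS
            cmds.append(f"ipfw table {TABLE} add {ip} {blocked[ip]}")
    return cmds

# Constructed sample log lines (documentation addresses, not real hosts).
PFX = "Sep 27 22:01:00 host sshd[4100]: Failed password for "
SAMPLE = (
    [f"{PFX}invalid user admin from 203.0.113.5 port {4000 + i} ssh2" for i in range(7)]
    + [f"{PFX}invalid user x from 192.0.2.77 port 1 ssh2 from 203.0.113.5 port 4100 ssh2"]
    + [f"{PFX}root from 198.51.100.7 port {5000 + i} ssh2" for i in range(3)]
)

if __name__ == "__main__":
    print("\n".join(plan(SAMPLE, {"192.0.2.9": 100}, now=1000)))
```

A single rule such as `ipfw add deny ip from 'table(1)' to any` then covers every listed address, so the rule list itself does not grow.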


