Date: Tue, 11 Jan 2005 09:18:19 -0500 From: Carleton Vaughn <keebler@mindspring.com> To: Gene <listmail@Bomgardner.net> Cc: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org> Subject: Re: High levels of breakin attempts Message-ID: <41E3E02B.9080800@mindspring.com> In-Reply-To: <41E36115.6050003@Bomgardner.net> References: <41E36115.6050003@Bomgardner.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Gene wrote: > Over the past few months there have been a remarkably high level of > brute force attacks logged by sshd. I was wondering, is there a way that > sshd (or some other package) can monitor login attempts and if more than > say 5 or 6 attempts are made to login from a particular ip address, > temporarily block that address (perhaps at the firewall)? It'd be real > satisfying to just dump the attackers' packets to the bit bucket and > slow 'em down a bit. Not that I'm an expert (and not that that's stopping me), but this can be done by configuring sshd to use PAM and selecting a PAM module such as pam_abl that can blacklist sites that send too many attempts. See http://www.kernel.org/pub/linux/libs/pam/modules.html for examples. -- Carleton Vaughn College Park, Georgia, USA
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41E3E02B.9080800>