Date: Sat, 27 Aug 2005 20:37:40 -0400 From: nawcom <nawcom@nawcom.no-ip.com> To: freebsd-questions@auscert.org.au, freebsd-questions@freebsd.org Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise Message-ID: <43110754.6010608@nawcom.no-ip.com> In-Reply-To: <200508280029.j7S0T7X4043956@app.auscert.org.au> References: <200508280029.j7S0T7X4043956@app.auscert.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help
if this server was used by 100+ people i would of course not have such a harsh security script set up. everyone who uses it has great experience and understands the consequences. like i said before, this is usually for personal use and has about 12 users total. if this was used to manage ssh on something big i would lower the security measures. hope you can understand some now :) Ben freebsd-questions@auscert.org.au wrote: >>-if the attempt was with a username that doesnt exist - i add the ip to >>a db of banned ips and flush and restart ipfw >> >> > >I'm curious about this bit - what do you do about accidentally mistyped >usernames by valid users? > >cheers, >-- Joel Hatton -- >Security Analyst | Hotline: +61 7 3365 4417 >AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 >The University of Queensland | WWW: www.auscert.org.au >Qld 4072 Australia | Email: auscert@auscert.org.au >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43110754.6010608>