Date: Wed, 1 Dec 2004 12:41:34 -0500 (EST) From: "Charles Ulrich" <charles@idealso.com> To: questions@freebsd.org Subject: blacklisting failed ssh attempts Message-ID: <43711.24.11.146.21.1101922894.squirrel@24.11.146.21>
next in thread | raw e-mail | index | archive | help
This morning I noticed that an attacker spent over a full hour trying to brute-force accounts and passwords via ssh on one of our machines. These kinds of attacks are becoming more frequent. I was wondering: does anyone know of a way to blacklist a certain IP (ideally, just for a certain time period) after a certain number of failed login attempts via ssh? I could change the port that sshd listens on, but I'd rather find a better solution, one that isn't just another layer of obscurity. Thanks! -- Charles Ulrich Ideal Solution, LLC - http://www.idealso.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43711.24.11.146.21.1101922894.squirrel>