Date: Wed, 8 Sep 2004 07:32:21 -0500 (EST)
From: John Mills <johnmills@speakeasy.net>
To: FreeBSD-questions <freebsd-questions@freebsd.org>
Cc: Mike Galvez <hoosyerdaddy@virginia.edu>
Subject: Re: Tar pitting automated attacks
Message-ID: <Pine.LNX.4.44.0409080728520.5289-100000@otter.localdomain>
In-Reply-To: <20040908025940.GA12835@grimoire.chen.org.nz>

Ahh - Exactly the scenario here, except the names were different (but
similar) and the source IP was: 64.124.210.23

Thanks.

On Wed, 8 Sep 2004, Jonathan Chen wrote:

> On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote:
> > I am seeing a lot of automated attacks lately against sshd such as:
> >
> [...]
> > Sep 6 12:16:39 www sshd[29901]: Failed password for illegal user server from 159.134.244.189 port 4044 ssh2
> > Sep 6 12:16:41 www sshd[29902]: Failed password for illegal user adam from 159.134.244.189 port 4072 ssh2 ... etc
> > Is there a method to make this more expensive to the attacker, such as
> > tar-pitting?
> Put in an ipfw block on the netblock/country. At the very least it will
> make it pretty slow for the initial TCP handshake.

 - John Mills
   john.m.mills@alum.mit.edu

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.44.0409080728520.5289-100000>
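
Added example, not part of the original thread: a small Python log scan that tallies the sshd "Failed password" lines quoted above per source address and prints an ipfw deny rule for addresses that try several different user names. The thresholds, the per-address (rather than netblock) rule, the function names and every sample line after the first two are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The user name is remote-supplied text, so match it greedily and anchor on
# the final " from <addr> port <n>" of the line, not the first occurrence.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(.*)"
    r" from (\S+) port \d+(?: ssh2)?$"
)

# First two lines are the ones quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
Sep  6 12:16:39 www sshd[29901]: Failed password for illegal user server from 159.134.244.189 port 4044 ssh2
Sep  6 12:16:41 www sshd[29902]: Failed password for illegal user adam from 159.134.244.189 port 4072 ssh2
Sep  6 12:16:43 www sshd[29903]: Failed password for illegal user guest from 159.134.244.189 port 4101 ssh2
Sep  6 12:20:02 www sshd[29950]: Failed password for alice from 192.0.2.10 port 5120 ssh2
Sep  6 12:20:09 www sshd[29951]: Accepted password for alice from 192.0.2.10 port 5121 ssh2
"""

def tally_failures(lines):
    """Return (attempts per source IP, set of user names tried per source IP)."""
    attempts, users = defaultdict(int), defaultdict(set)
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        user, src = m.groups()
        try:
            src = str(ipaddress.IPv4Address(src))  # IPv4 only; rejects junk
        except ValueError:
            continue
        attempts[src] += 1
        users[src].add(user)
    return attempts, users

def block_candidates(lines, min_attempts=3, min_users=3):
    """Sources with many failures across many names (assumed thresholds)."""
    attempts, users = tally_failures(lines)
    return sorted(ip for ip in attempts
                  if attempts[ip] >= min_attempts and len(users[ip]) >= min_users)

def ipfw_rules(ips):
    """Render one deny rule per address for inbound TCP port 22."""
    return [f"ipfw add deny tcp from {ip} to me 22" for ip in ips]

if __name__ == "__main__":
    for rule in ipfw_rules(block_candidates(SAMPLE_LOG.splitlines())):
        print(rule)
```

The single mistyped password from 192.0.2.10 stays below both thresholds, so a legitimate user is not blocked; review the printed rules before loading them.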