repeated ssh login attempts/failure/break-in attempts from kiddy script

Noted recently in auth.log, a string of connection attempts repeated/failed over and over from one host - looks like a script someone's running, tries all kinds of various usernames, etc... attempts like 100-200 logins, fails and goes away.

Few hours go by, and another such attempt, from a different IP comes in. If I'm here and just happen to notice them - simple ipfw add deny... does the trick, but is there not a way to limit the login attempts for a certain period of time?

ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny all attempts and drop connection from said IP... possible?

Any suggestions/ideas? Thus far, no one has managed to login (there are only three accounts which even have a shell or can login via ssh... but still not the point). I'd just like to get rid of the problem and save my auth.log file for perhaps something more useful ;)


--
Nathan Vidican
nvidican@xxxxxxxxx
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: Industry Standard Security and guest wifi access best practice
    ... usage policy and a login screen. ... Connection is simple for the end user and requires no VPN client ... Wireless subnet roaming would be really nice as well. ... implementing 802.1X as the complexity in supporting tennants would ...
    (alt.internet.wireless)
  • Re: Industry Standard Security and guest wifi access best practice
    ... usage policy and a login screen. ... Connection is simple for the end user and requires no VPN client ... Wireless subnet roaming would be really nice as well. ... implementing 802.1X as the complexity in supporting tennants would ...
    (alt.internet.wireless)
  • login script after setting up vpn connection
    ... server over vpn from their home computers. ... this script should map the p: drive to their personal folder (which is under ... I found at that running a script after you make a vpn connection can be done ... the username used to login locally to the workstation. ...
    (microsoft.public.scripting.wsh)
  • login script after setting up vpn connection
    ... server over vpn from their home computers. ... this script should map the p: drive to their personal folder (which is under ... I found at that running a script after you make a vpn connection can be done ... the username used to login locally to the workstation. ...
    (microsoft.public.scripting.vbscript)
  • login script after setting up vpn connection
    ... server over vpn from their home computers. ... this script should map the p: drive to their personal folder (which is under ... I found at that running a script after you make a vpn connection can be done ... the username used to login locally to the workstation. ...
    (microsoft.public.windows.server.scripting)