Re: repeated ssh login attempts/failure/break-in attempts from kiddy script
- From: J65nko <j65nko@xxxxxxxxx>
- Date: Fri, 31 Mar 2006 18:38:45 +0200
On 3/31/06, Nathan Vidican <nvidican@xxxxxxxxx> wrote:
Noted recently in auth.log, a string of connection attempts repeated/failed over[snip]
and over from one host - looks like a script someone's running, tries all kinds
of various usernames, etc... attempts like 100-200 logins, fails and goes away.
Few hours go by, and another such attempt, from a different IP comes in. If I'm
here and just happen to notice them - simple ipfw add deny... does the trick,
but is there not a way to limit the login attempts for a certain period of time?
ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny
all attempts and drop connection from said IP... possible?
Any suggestions/ideas? Thus far, no one has managed to login (there are only
three accounts which even have a shell or can login via ssh... but still not the
point). I'd just like to get rid of the problem and save my auth.log file for
perhaps something more useful ;)
This pf.conf rule will stop them:
block drop log quick on xl0 proto tcp from any os "Linux" to any port = ssh
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- References:
- repeated ssh login attempts/failure/break-in attempts from kiddy script
- From: Nathan Vidican
- repeated ssh login attempts/failure/break-in attempts from kiddy script
- Prev by Date: Re: Best way to print photos
- Next by Date: Re: The packages in FreeBSD
- Previous by thread: Re: repeated ssh login attempts/failure/break-in attempts from kiddy script
- Next by thread: PHP4 install question
- Index(es):
Relevant Pages
|
