Re: sshd attacks



On Tue, 03 May 2005 17:47:07 -0400, AF <none@xxxxxxxx> wrote:

Lowell Gilbert wrote:

Jed Clear <clear@xxxxxxxxxxxx> writes:

Is there a good tool for black holing an IP with ipfw after said IP
starts trying a user dictionary attack on sshd? Or even tries root
once?

To what end? Assuming your passwords are reasonably strong, you'd be
opening yourself up to easy denial-of-service attacks just to avoid a
few log messages.

On the other hand, I have large chunks of the IP space firewalled off
from my ssh port because I *know* I won't be logging in from address
space managed on other continents.

I like that idea...how would I go about doing this?
Maybe an allow directive rather than trying to shut out the world.
i.e. I am on East coast USA and could just allow connections from my Comcast
cable modem?

How did you come up with your "large chunks of the IP space" ?

You could always use xinetd and use the only_from = option.
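A sketch of the xinetd suggestion above, as an added example that is not part of the original thread: sshd is started per connection in inetd mode and `only_from` limits which source addresses xinetd will accept. The address range is a documentation placeholder and the sshd path is an assumption; the standalone sshd has to be disabled so that xinetd owns port 22.

```conf
# xinetd service entry for sshd (constructed example, not from the thread).
# The service name "ssh" is resolved to 22/tcp through /etc/services.
service ssh
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    server          = /usr/sbin/sshd    # assumed path; adjust to your install
    server_args     = -i                # inetd mode: one sshd per connection

    # Allowlist: connections from any other source are refused by xinetd
    # before sshd is started. 203.0.113.0/24 is a placeholder range;
    # substitute the range you actually log in from.
    only_from       = 203.0.113.0/24

    # Record refused sources so blocked attempts remain visible in the logs.
    log_on_failure  += HOST
    log_on_success  += HOST PID

    # Cap concurrent sessions per source address.
    per_source      = 3
}
```

A cable modem address is usually assigned dynamically, so an allowlist like this normally needs the provider's range rather than a single address, and a too-narrow entry locks you out when the lease changes.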


