[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Party

To: freebsd-chat_(_at_)_freebsd_(_dot_)_org
Subject: Re: Party
From: David King <dking_(_at_)_ketralnis_(_dot_)_com>
Date: Thu, 28 Sep 2006 09:45:46 -0700

What can be done to keep the logs neat (i.e., free from the ssh-bruteforcegarbage) is this: for a given number of login failures (e.g., 8),add anipfw rule that blocks all traffic from the offending IP#. Ofcourse, this
has got to be automatized (script?).

I find security/sshit works well for this, it reads a tail pipe outof syslog and add ipfw rules (and can time them out)

I used to add the rules manually, as
an experiment, and I found that attacks from one IP# do repeat, though
very seldom (the period may be as long as a few months). The rule list
will grows without bounds :( I figure, this reduces the amount ofrecieved
spam slightly too.
Yes, not a novel idea (to phrase it soflty); yet, I actually testedit,
found that there's net gain from doing that (as small as it may be),
and no noticeable bad consequences.

[SorAlx]  ridin' VN1500-B2
_______________________________________________
freebsd-chat_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe_(_at_)_freebsd_(_dot_)_org"


--
David King
Computer Programmer
Ketralnis Systems


_______________________________________________
freebsd-chat_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe_(_at_)_freebsd_(_dot_)_org"

References:
- Party
  - From: Jacula Modyun
- Re: Party
  - From: Robert C Wittig
- Re: Party
  - From: Adam Martin
- Re: Party
  - From: soralx

Prev by Date: Re: Party
Next by Date: Re: Party
Previous by thread: Re: Party
Next by thread: Re: Party
Index(es):
- Date
- Thread

Visit your host, monkey.org