[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Party



What can be done to keep the logs neat (i.e., free from the ssh- bruteforce garbage) is this: for a given number of login failures (e.g., 8), add an ipfw rule that blocks all traffic from the offending IP#. Of course, this
has got to be automatized (script?).

I find security/sshit works well for this, it reads a tail pipe out of syslog and add ipfw rules (and can time them out)


I used to add the rules manually, as
an experiment, and I found that attacks from one IP# do repeat, though
very seldom (the period may be as long as a few months). The rule list
will grows without bounds :( I figure, this reduces the amount of recieved
spam slightly too.
Yes, not a novel idea (to phrase it soflty); yet, I actually tested it,
found that there's net gain from doing that (as small as it may be),
and no noticeable bad consequences.

[SorAlx]  ridin' VN1500-B2
_______________________________________________
freebsd-chat_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat- unsubscribe_(_at_)_freebsd_(_dot_)_org"

--
David King
Computer Programmer
Ketralnis Systems


_______________________________________________
freebsd-chat_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe_(_at_)_freebsd_(_dot_)_org"


Visit your host, monkey.org