What can be done to keep the logs neat (i.e., free from the ssh-bruteforce
garbage) is this: for a given number of login failures (e.g., 8), add an
ipfw rule that blocks all traffic from the offending IP#. Of course, this
has got to be automatized (script?).

I find security/sshit works well for this, it reads a tail pipe out
of syslog and adds ipfw rules (and can time them out).

I used to add the rules manually, as an experiment, and I found that
attacks from one IP# do repeat, though very seldom (the period may be as
long as a few months). The rule list will grow without bounds :( I figure,
this reduces the amount of received spam slightly too.

Yes, not a novel idea (to phrase it softly); yet, I actually tested it,
found that there's a net gain from doing that (as small as it may be),
and no noticeable bad consequences.

[SorAlx] ridin' VN1500-B2
_______________________________________________
freebsd-chat@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-[EMAIL PROTECTED]"
--
David King
Computer Programmer
Ketralnis Systems
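
The approach discussed in this thread (count failures per source, block at a threshold such as 8, time the rule out so the list stays bounded), as an added sketch that is not code from the thread or from security/sshit. It assumes OpenSSH "Failed password" log lines, IPv4 only, and hypothetical values for the block lifetime and rule-number range; it returns ipfw command strings rather than running them.

```python
import ipaddress
import re
from collections import defaultdict

THRESHOLD = 8         # failures before a block, the figure used in the thread
BLOCK_SECONDS = 3600  # assumed block lifetime
RULE_BASE = 2000      # assumed unused ipfw rule-number range

# Anchor on the END of the line: the user name is chosen by the remote side
# and may itself contain " from <address>", so only the last "from X port N"
# is trusted. Otherwise a client could get someone else's address blocked.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")

# Constructed sample line; its user name tries to implicate 198.51.100.7.
SPOOF = ("Mar  3 04:12:09 host sshd[4121]: Failed password for invalid user "
         "x from 198.51.100.7 from 203.0.113.5 port 51515 ssh2")

class Blocker:
    def __init__(self):
        self.fails = defaultdict(int)  # ip -> failures seen so far
        self.blocked = {}              # ip -> (rule number, expiry time)
        self.next_rule = RULE_BASE

    def feed(self, line, now):
        """Return the ipfw command to run for this log line, or None."""
        m = FAIL_RE.search(line.rstrip())
        if not m:
            return None
        try:
            ip = str(ipaddress.IPv4Address(m.group(1)))
        except ValueError:
            return None                # not a literal IPv4 address: ignore
        if ip in self.blocked:
            return None                # already has a rule
        self.fails[ip] += 1
        if self.fails[ip] < THRESHOLD:
            return None
        del self.fails[ip]
        rule, self.next_rule = self.next_rule, self.next_rule + 1
        self.blocked[ip] = (rule, now + BLOCK_SECONDS)
        return f"ipfw -q add {rule} deny ip from {ip} to any"

    def expire(self, now):
        """Return delete commands for blocks whose lifetime has passed."""
        due = [(ip, r) for ip, (r, exp) in self.blocked.items() if exp <= now]
        for ip, _ in due:
            del self.blocked[ip]
        return [f"ipfw -q delete {r}" for _, r in due]
```

Giving each address its own rule number is what lets `expire` remove one block without touching the others.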