2009/10/3 Jukka Ruohonen <jruoho...@iki.fi> > On Fri, Oct 02, 2009 at 05:17:59PM -0400, Greg Larkin wrote: > > You could set up DenyHosts and contribute to the pool of IPs that are > > attempting SSH logins on the Net: > > http://denyhosts.sourceforge.net/faq.html#4_0 > > While I am well aware that a lot of people use DenyHosts or some equivalent > tool, I've always been somewhat skeptical about these tools. Few issues: > > 1. Firewalls should generally be as static as is possible. There is a > reason > why high securelevel prevents modifications to firewalls. > > 2. Generally you do not want some parser to modify your firewall rules. > Parsing log entries created by remote unauthenticated users as root is > never a good idea. > > 3. Doing (2) increases the attack surface. > > 4. There have been well-documented cases where (3) has opened opportunities > for both remote and local DoS. > > Two cents, as they say, > > Jukka. > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org" >
simplest this to do is disable password auth, and use key based. _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"