I also get a large amount of atttacks via ssh, i decided that the people
who have access to my server (only 12) know what their usernames are. my
decision was to set up a swatch script to monitor the types of errors
that are picked up in the logs:
-if the attempt was with a username that doesnt exist - i add the ip to
a db of banned ips and flush and restart ipfw
-if it is from a username that does exist - i give the person 5 tries,
if by the 5th try they cant get in, i add the ip to the db as stated above.
it sounds pretty harsh, but it definetely stops those idiots. ive got a
large list of ips, and from nmapping them most are from people running
entry level linux distros with many holes in their security setup. i
could get revenge, but not worth it.
if anyone is curious about the script let me know,
Ben
Maarten Sanders wrote:
On Thu, 2005-08-25 at 07:22 -0400, Lee Capps wrote:
On 11:18 Wed 24 Aug , Chris St Denis wrote:
How can I easily auto deny after x failed attempts? Is this an sshd setting?
I could find it.
Is there something in ports that will firewall off somebody who is brute
forcing?
In addition to adding entries to /etc/hosts.allow you could try
DenyHosts:
http://denyhosts.sourceforge.net/
I didn't find a port, but it works with FreeBSD and isn't too onerous to
install.
HTH,
Lee
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Nice suggestion, but how do I enable tcp_wrappers with sshd?
See : http://denyhosts.sourceforge.net/ssh_config.html
I tried adding
sshd: 127.0.0.1 : deny to /etc/hosts.allow but I failed the described
test.
Maarten
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"