I also get a large amount of atttacks via ssh, i decided that the people who have access to my server (only 12) know what their usernames are. my decision was to set up a swatch script to monitor the types of errors that are picked up in the logs:

-if the attempt was with a username that doesnt exist - i add the ip to a db of banned ips and flush and restart ipfw

-if it is from a username that does exist - i give the person 5 tries, if by the 5th try they cant get in, i add the ip to the db as stated above.

it sounds pretty harsh, but it definetely stops those idiots. ive got a large list of ips, and from nmapping them most are from people running entry level linux distros with many holes in their security setup. i could get revenge, but not worth it.

if anyone is curious about the script let me know,
Ben


Maarten Sanders wrote:

On Thu, 2005-08-25 at 07:22 -0400, Lee Capps wrote:
On 11:18 Wed 24 Aug     , Chris St Denis wrote:
How can I easily auto deny after x failed attempts? Is this an sshd setting?
I could find it.

Is there something in ports that will firewall off somebody who is brute
forcing?
In addition to adding entries to /etc/hosts.allow you could try
DenyHosts:

http://denyhosts.sourceforge.net/

I didn't find a port, but it works with FreeBSD and isn't too onerous to
install.

HTH,

Lee
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Nice suggestion, but how do I enable tcp_wrappers with sshd?

See : http://denyhosts.sourceforge.net/ssh_config.html I tried adding
sshd: 127.0.0.1 : deny to /etc/hosts.allow but I failed the described
test.
Maarten


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to