On 8/27/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > if this server was used by 100+ people i would of course not have such a
> > harsh security script set up. everyone who uses it has great experience
> > and understands the consequences. like i said before, this is usually
> > for personal use and has about 12 users total. if this was used to
> > manage ssh on something big i would lower the security measures.
> >
> > hope you can understand some now :)
>
> Certainly. However, given that you are willing to accept (risk?) 5 attempts
> at a legitimate account I don't believe there would be any greater risk
> in allowing the same for invalid accounts also, given that the likelihood
> of gaining access to those is actually less - and it would make your script
> simpler, too, whilst preventing the (albeit, unlikely in your situation)
> possibility of a DoS to a valid user. To be honest, reversing your logic
> somewhat wrt valid/invalid accounts and 1/5 attempts could have merit also.
>
> That said, I'd be interested in seeing how you implement this with swatch
> as I'm looking at log parsing solutions in general.
>
I'd like to see it too, my logs are filled with brute force ssh login attempts. I'd like something like... x attempts in y time blocks source IP (or class c block etc.) for z hours.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
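The "x attempts in y time blocks source IP (or class c block) for z hours" rule asked for above, as an added example that is not code from this thread or from swatch. It counts valid and invalid accounts the same way, as suggested in the quoted reply. The function and parameter names and the log lines are constructed for illustration; it assumes OpenSSH's "Failed password for ... from IP" syslog format and only computes block decisions, leaving the firewall action to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

# OpenSSH failure lines, for real accounts and for unknown ("illegal"/"invalid") ones.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:illegal user |invalid user )?\S+ "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+")

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE = """\
Aug 27 03:10:01 host sshd[411]: Failed password for illegal user admin from 203.0.113.9 port 4001 ssh2
Aug 27 03:10:03 host sshd[412]: Failed password for illegal user test from 203.0.113.9 port 4002 ssh2
Aug 27 03:10:05 host sshd[413]: Failed password for root from 203.0.113.9 port 4003 ssh2
Aug 27 03:10:08 host sshd[414]: Failed password for illegal user guest from 192.0.2.10 port 5001 ssh2
Aug 27 03:10:09 host sshd[415]: Failed password for illegal user guest from 192.0.2.11 port 5002 ssh2
Aug 27 03:10:10 host sshd[416]: Failed password for illegal user guest from 192.0.2.12 port 5003 ssh2
Aug 27 03:25:00 host sshd[417]: Failed password for alice from 198.51.100.4 port 6001 ssh2
Aug 27 03:25:30 host sshd[418]: Accepted password for alice from 198.51.100.4 port 6002 ssh2
""".splitlines()

def find_blocks(lines, max_attempts=5, window=timedelta(minutes=10),
                block_for=timedelta(hours=2), prefix=32, year=2005):
    """Return [(network, blocked_at, expires_at)] for sources that reach
    max_attempts failures within window. prefix=24 groups by "class C"."""
    recent = defaultdict(deque)   # network -> timestamps of recent failures
    blocked_until = {}            # network -> time the current block expires
    blocks = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        net = ip_network(f"{m['ip']}/{prefix}", strict=False)
        if net in blocked_until and ts < blocked_until[net]:
            continue              # already blocked; do not extend or re-report
        q = recent[net]
        q.append(ts)
        while ts - q[0] > window:  # slide the window: forget old failures
            q.popleft()
        if len(q) >= max_attempts:
            blocked_until[net] = ts + block_for
            blocks.append((str(net), ts, ts + block_for))
            q.clear()
    return blocks
```

With `prefix=32` the three hosts in 192.0.2.0/24 each stay under the threshold; with `prefix=24` their failures are pooled and the whole block is reported, which also means one noisy host can lock out its neighbours.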