On Mon, Jan 18, 2010 at 4:39 PM, David Southwell <da...@vizion2000.net>wrote:
> Examples from hosts.deniedssh > I seem to be on the receiving end of a concerted series of unsuccessful > break > in attacks on one of our systems. One small part of the attack has > resulted > in over 2000 entries in our hosts.deniedssh file in less than 1 hour. > > I would be interested in any comments on the small example shown below and > any > advice. > > Thanks in advance > > David > r200-40-132-245.static.adinet.com.uy > mail.munisanmiguel.gob.pe > port-83-236-241-198.static.qsc.de > pd95b50ce.dip0.t-ipconnect.de > v32641.1blu.de > dubovik.net > r200-40-132-245.static.adinet.com.uy > mail.munisanmiguel.gob.pe > port-83-236-241-198.static.qsc.de > pd95b50ce.dip0.t-ipconnect.de > v32641.1blu.de > dubovik.net > r200-40-132-245.static.adinet.com.uy > mail.munisanmiguel.gob.pe > port-83-236-241-198.static.qsc.de > pd95b50ce.dip0.t-ipconnect.de > v32641.1blu.de > dubovik.net > r200-40-132-245.static.adinet.com.uy > mail.munisanmiguel.gob.pe > port-83-236-241-198.static.qsc.de > pd95b50ce.dip0.t-ipconnect.de > v32641.1blu.de > dubovik.net > r200-40-132-245.static.adinet.com.uy > mail.munisanmiguel.gob.pe > port-83-236-241-198.static.qsc.de > pd95b50ce.dip0.t-ipconnect.de > v32641.1blu.de > dubovik.net > r200-40-132-245.static.adinet.com.uy > mail.munisanmiguel.gob.pe > port-83-236-241-198.static.qsc.de > pd95b50ce.dip0.t-ipconnect.de > v32641.1blu.de > dubovik.net > r200-40-132-245.static.adinet.com.uy > mail.munisanmiguel.gob.pe > port-83-236-241-198.static.qsc.de > pd95b50ce.dip0.t-ipconnect.de > v32641.1blu.de > dubovik.net > r200-40-132-245.static.adinet.com.uy > Looks like your conf could use some love. Why are you resolving ip's? Thresholds can be lowered. Are you syncing with remote list? -- Adam Vande More _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"