On Jun 4, 2013 9:00 AM, "Tim Daneliuk" <tun...@tundraware.com> wrote: > > I am seeing login dictionary attacks on a FreeBSD mail server being > reported. Is there a way to determine the IPs that are doing this > so they can be blocked at the firewall? auth.log only > notes the attempted user name, not the IP of origin. > -- > ----------------------------------------------------------------------- > Tim Daneliuk > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " freebsd-questions-unsubscr...@freebsd.org"
On Jun 4, 2013 9:00 AM, "Tim Daneliuk" <tun...@tundraware.com> wrote: > > I am seeing login dictionary attacks on a FreeBSD mail server being > reported. Is there a way to determine the IPs that are doing this > so they can be blocked at the firewall? auth.log only > notes the attempted user name, not the IP of origin. > -- > ----------------------------------------------------------------------- > Tim Daneliuk > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " freebsd-questions-unsubscr...@freebsd.org" one idea is to run auth on a different service / machine on a non-standard port, that at least cuts down the noise from "non-targetted" scans. Waitman Gobble San Jose California USA _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
