On Thu, 7 Oct 2004 15:15:25 -0700 (PDT) Luke <[EMAIL PROTECTED]> wrote:
> There are several script kiddies out there hitting my SSH server > every day. Sometimes they attempt to brute-force their way in > trying new logins every second or so for hours at a time. Given > enough time, I fear they will eventually get in. > Is there anything I can do to hinder them? > > I'd like to ban the IP after 50 failed attempts or something. I'd > heard that each failed attempt from a source was supposed to make > the daemon respond slower each time, thus limiting the usefulness of > brute force attacks, but I'm not seeing that behavior. I forget where in /etc it is, but look into setting up something that allows a certian number of failed logins before locking that IP/term out for a few minutes.... and if it is constantly from the same place look into calling their ISP or the like. Or in a few cases, like I have done in a few cases, and a deny from any to any for that chunk of the net... man login.conf for more info :) _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
