--- Vulpes Velox <[EMAIL PROTECTED]> wrote: > On Thu, 7 Oct 2004 15:15:25 -0700 (PDT) > Luke <[EMAIL PROTECTED]> wrote: > > > There are several script kiddies out there hitting > my SSH server > > every day. Sometimes they attempt to brute-force > their way in > > trying new logins every second or so for hours at > a time. Given > > enough time, I fear they will eventually get in. > > Is there anything I can do to hinder them? > > > > I'd like to ban the IP after 50 failed attempts or > something. I'd > > heard that each failed attempt from a source was > supposed to make > > the daemon respond slower each time, thus limiting > the usefulness of > > brute force attacks, but I'm not seeing that > behavior. > > I forget where in /etc it is, but look into setting > up something that > allows a certian number of failed logins before > locking that IP/term > out for a few minutes.... and if it is constantly > from the same place > look into calling their ISP or the like. > > Or in a few cases, like I have done in a few cases, > and a deny from > any to any for that chunk of the net... > > man login.conf for more info :) > _______________________________________________
Following the advice from here: http://isc.sans.org//diary.php?date=2004-09-11. What I did was to only allow access to one machine through my firewall for the ssh connections (ipfw limit). 2 per source address. And, for that one machine, I changed the sshd port to a different number. I was getting the same brute force attacks but they have dropped to nil since. _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
