Charles, This shouldn't bother you unless your in the habit of using guessible passwords.
However if you can't let it go I suggest you run sshd with the -i option, out of inetd. Of course you need a fast machine so that the server key is generated in a second or so (or lower your key length) Then replace inetd with xinetd and setup all the DoS stuff on that. Ted > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Charles Ulrich > Sent: Wednesday, December 01, 2004 9:42 AM > To: [EMAIL PROTECTED] > Subject: blacklisting failed ssh attempts > > > > This morning I noticed that an attacker spent over a full hour trying to > brute-force accounts and passwords via ssh on one of our > machines. These kinds > of attacks are becoming more frequent. > > I was wondering: does anyone know of a way to blacklist a certain > IP (ideally, > just for a certain time period) after a certain number of failed login > attempts via ssh? I could change the port that sshd listens on, > but I'd rather > find a better solution, one that isn't just another layer of obscurity. > > Thanks! > > -- > Charles Ulrich > Ideal Solution, LLC - http://www.idealso.com > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" > _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
