Christian Tischler <[EMAIL PROTECTED]> writes: > as I have an DSL line witch is 24/7 online (coming from an big and > popular provider) my servers sshd reports 30 to 50 failed > root/operator/etc. logins a day. I would like to block the incoming ip > for a few days automaticly after e.g failed login requests.
As others have said, this is probably more of a nuisance issue than a security issue. Anyway, this was discussed recently on undeadly.org (aka OpenBSD Journal). The discussion, which offers some interesting input (some of it OpenBSD specific or at least requiring pf), is available at http://undeadly.org/cgi?action=article&sid=20041231195454 Then again, at least in some cases, the people listed in the whois info for the offending IP appreciate a politely worded notification. Quite likely they do not want this kind of activity either. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales" _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
