I second that. Blocking ssh access from Linux hosts removes 95% of these attacks. Simple and effective.
block drop in log quick on $ext_if proto { tcp, udp } from any os Linux to any port ssh label "Block ssh from Linux hosts"

/jkm

* Nick Ryan ([EMAIL PROTECTED]) wrote:
> You could use pf to block linux ssh access.
>
> block in log quick on $EXT_IF inet proto tcp from any os "Linux" to port
> 22 label "Blocked Linux ssh access: "
>
> That'll reduce it quite a lot.
>
>
>
> John Marten wrote:
>
> >You know what I mean? Every day I get some script kiddie, or adult
> >trying to guess usernames or passwords.
> >I've installed the newest version of SSH, so I'm covered there. But I
> >still get a dozen or 2 of the
> >"sshd Invalid user somename from ###.##.##.###"
> >"input_userauth_request: ivalid user somename"
> >"Failed password for invalid user somename"
> >"Recieved disconnect from ###.##.##.###"
> >Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
> >from ###.##.##.### to any flags S/SA'
> >entry in my pf.conf file. But if I had to do that for every hacker my
> >pf.conf would be huge!
> >There's got to be a better way, and I'm open to suggestions.
> >
> >
> >John F. Marten III
> >
> >Information Technology Specialist
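
The OS-fingerprint rule from the replies above, placed in a minimal pf.conf ruleset, as an added example that is not from any of the posters. It shows the caveat a practitioner would want handled: the rule also drops legitimate Linux ssh clients, so known admin hosts are passed first. The interface name, the <ssh_admins> table and its addresses (documentation ranges) are assumptions.

```pf
# Added example, not from the thread. em0, <ssh_admins> and the
# addresses below are placeholders to replace with local values.
ext_if = "em0"

# Linux hosts that must keep ssh access (constructed sample entries).
table <ssh_admins> const { 192.0.2.10, 198.51.100.0/28 }

# With "quick" the first matching rule wins, so the exception for
# known admin hosts has to come before the fingerprint block.
pass in quick on $ext_if inet proto tcp from <ssh_admins> \
    to any port ssh flags S/SA keep state label "ssh from admin hosts"

# The rule from the thread. pf fingerprints the initial TCP SYN only,
# so the match is written for tcp; the fingerprint is passive and
# a sender that crafts its SYN packets will not match it.
block drop in log quick on $ext_if inet proto tcp \
    from any os "Linux" to any port ssh \
    label "Block ssh from Linux hosts"

# Remaining (non-Linux-fingerprint) clients reach sshd as before.
pass in on $ext_if inet proto tcp from any to any port ssh \
    flags S/SA keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and the per-label counters for the block rule are shown by `pfctl -sl`.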