I second that. Blocking ssh access from Linux hosts removes 95% of these 
attacks. Simple and effective.

block drop in log quick on $ext_if proto { tcp, udp } from any os Linux to any port ssh label "Block ssh from Linux hosts"

/jkm

* Nick Ryan ([EMAIL PROTECTED]) wrote:
> You could use pf to block linux ssh access.
> 
> block in log quick on $EXT_IF inet proto tcp from any os "Linux" to port 22 label "Blocked Linux ssh access: "
> 
> That'll reduce it quite a lot.
> 
> 
> 
> John Marten wrote:
> 
> >You know what I mean? Every day I get some script kiddie, or adult
> >trying to guess usernames or passwords.
> >I've installed the newest version of SSH, so I'm covered there. But I
> >still get a dozen or 2 of the
> >"sshd Invalid user somename from ###.##.##.###"
> >"input_userauth_request: invalid user somename"
> >"Failed password for invalid user somename"
> >"Received disconnect from ###.##.##.###"
> >Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
> >from ###.##.##.### to any flags S/SA'
> >entry in my pf.conf file. But if I had to do that for every hacker my
> >pf.conf would be huge!
> >There's got to be a better way, and I'm open to suggestions.
> >
> >
> >John F. Marten III
> >
> >Information Technology Specialist

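An added example, not part of the thread above: a Python sketch that tallies the sshd "Failed password" lines quoted in the original question by source address, so that repeat offenders come out as one address per line (the layout a pf table file takes) instead of one block rule each. The log lines, host name "gw", addresses and the threshold of 3 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The user name is attacker-supplied and may itself contain " from <addr>",
# so match it greedily: only the last "from ADDR port N" is written by sshd.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?"
                    r"(?P<user>.*) from (?P<addr>\S+) port \d+ ssh2$")

# Constructed sample log using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Jun  3 04:12:01 gw sshd[311]: Invalid user admin from 203.0.113.5
Jun  3 04:12:01 gw sshd[311]: input_userauth_request: invalid user admin
Jun  3 04:12:03 gw sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 4101 ssh2
Jun  3 04:12:05 gw sshd[312]: Failed password for invalid user test from 203.0.113.5 port 4102 ssh2
Jun  3 04:12:07 gw sshd[313]: Failed password for invalid user oracle from 203.0.113.5 port 4103 ssh2
Jun  3 04:12:08 gw sshd[314]: Failed password for invalid user x from 192.0.2.1 from 203.0.113.5 port 4104 ssh2
Jun  3 04:12:09 gw sshd[314]: Received disconnect from 203.0.113.5: 11: Bye Bye
Jun  3 09:30:44 gw sshd[402]: Failed password for john from 198.51.100.7 port 5022 ssh2
Jun  3 09:30:51 gw sshd[402]: Accepted password for john from 198.51.100.7 port 5022 ssh2
Jun  3 11:02:10 gw sshd[510]: Failed password for root from 2001:db8::bad port 6001 ssh2
Jun  3 11:02:12 gw sshd[511]: Failed password for invalid user guest from 2001:db8::bad port 6002 ssh2
Jun  3 11:02:13 gw sshd[512]: Failed password for invalid user guest from not-an-ip port 6003 ssh2
"""

def summarize(log_text):
    """Return {addr: {"failures": n, "users": set}} for failed password logins."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = str(ipaddress.ip_address(m.group("addr")))
        except ValueError:
            continue  # address field is not an IP literal; never emit it
        stats[addr]["failures"] += 1
        stats[addr]["users"].add(m.group("user"))
    return dict(stats)

def offenders(log_text, min_failures=3):
    """Addresses with at least min_failures failures, worst first."""
    stats = summarize(log_text)
    hits = [a for a, s in stats.items() if s["failures"] >= min_failures]
    return sorted(hits, key=lambda a: (-stats[a]["failures"], a))

if __name__ == "__main__":
    print("\n".join(offenders(SAMPLE_LOG)))
```

A source that fails once and then logs in, like 198.51.100.7 in the sample, stays below the threshold and is not listed.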