"Melameth, Daniel D." <[EMAIL PROTECTED]> writes: > On a consumer-class Internet connection, I don't expect too much. > However, the following should only log ssh:
That is what got me going on this... By negligence I'd left ssh open after coming home from a trip where I had it open for connectiong to home machine. Normally I turn it back off when I'm home. I saw over a 5 day period some 13,000 hits on ssh port. Apparently some half configured dictionary attacks. I say half configured because the attemted user names don't seem to be in any recognizable order. My passwords are good so I didn't get too worried but it did cause me to wonder what is going on that my ssh port got so interesting suddenly. Of coures I turned it off, but that leaves me with the sorry logging facilities of the NETGEAR > # Block all traffic and block and log ssh > block all > block in log on $ext_if inet proto tcp from any to $ext_if port ssh Thanks, thats the one I was stumbling around with. I read your comments about further help and want to thank you for the help already given. I think it may be all I needed to get this done. But I'll be back to pester people once I've gotten up my nerve and put the OBSD box up to the plate.