Chris <[EMAIL PROTECTED]> writes: > my logs are filled with useless ssh bruteforce attempts - is there > anything i can do to avoid logging random brute force attacks? since i > disallow ssh root login and use the allowuser acl - i guess i could > just avoid logging all these random attacks in my logs.
I suppose you already have a PF rule set with overload rules[1]? If not, writing a few simple rules like the one in that example will rid you of most of the noise. [1] see eg http://home.nuug.no/~peter/pf/en/bruteforce.html -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
