Date: Tue, 14 Nov 2006 01:20:45 -0800 From: "Leo L. Schwab" <ewhac@best.com> To: freebsd-questions@freebsd.org Subject: Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong? Message-ID: <20061114092045.GB3207@best.com> In-Reply-To: <4558D2A3.50904@locolomo.org> References: <20061113060528.GA7646@best.com> <4558D2A3.50904@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 13, 2006 at 09:16:35PM +0100, Erik Norgaard wrote: > Honestly, I wouldn't worry about it: review your config and make some > simple choices to reduce the noise, see this article: > > http://www.securityfocus.com/infocus/1876 > But I rather thought that was the point of 'bruteblock' -- it reduces the noise by blackholing the offending IPs for an hour or so. This blackholing doesn't appear to be happening, and I don't understand why. Could it be a permission problem -- syslog doesn't have permission to change the firewall rules? Schwab
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061114092045.GB3207>