Date: Tue, 30 Sep 2008 02:45:20 -0700 From: Jeremy Chadwick <koitsu@FreeBSD.org> To: Jeroen Ruigrok van der Werven <asmodai@in-nomine.org> Cc: freebsd-hackers@freebsd.org, Rich Healey <healey.rich@gmail.com> Subject: Re: SSH Brute Force attempts Message-ID: <20080930094520.GA42893@icarus.home.lan> In-Reply-To: <20080930075632.GT30869@nexus.in-nomine.org> References: <48E16E93.3090601@gmail.com> <20080930075632.GT30869@nexus.in-nomine.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 30, 2008 at 09:56:32AM +0200, Jeroen Ruigrok van der Werven wrote: > -On [20080930 05:14], Rich Healey (healey.rich@gmail.com) wrote: > >What do you BSD guys use for this purpose? > > I actually use blockhosts, which is a Python solution you tie into > hosts.allow. > > http://www.aczoom.com/cms/blockhosts In no way shape or form does this solve the problem of the attackers being able to establish a TCP connection to you -- they are still tying up sockets, mbufs, and extra network I/O (coming from you when you respond and close the socket). TCP wrappers are absolutely 100% worthless in this day and age. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080930094520.GA42893>