Date: Mon, 14 Mar 2005 23:28:03 -0600 From: Josh Paetzel <josh@tcbug.org> To: freebsd-questions@freebsd.org, Kyle Jensen <kljgroups@gmail.com> Subject: Re: Cutting down on ssh breakin attempts Message-ID: <200503142328.04036.josh@tcbug.org> In-Reply-To: <fa357bee0503140504104f3aa4@mail.gmail.com> References: <fa357bee0503140504104f3aa4@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 14 March 2005 07:04, Kyle Jensen wrote: > Hi, > > I run a webmail server for a small company, which > is (of course) running FreeBSD 5-stable. I get about > 50-100 failed loging attempts via ssh on a daily basis. > > Occasionally, these show up in my daily security digest > with messages like: > > reverse mapping checking getaddrinfo for h169-210-68-8.a > dcast.com.tw failed - POSSIBLE BREAKIN ATTEMPT! > > But mostly it's stuff like > > Illegal user postgres from 210.68.8.169 > > What's the best way to cut down on these attempts? > I thought about adding a blacklist to my pf.conf rules > for the pf firewall. > > Any thoughts would be greatly appreciated! > Kyle Maybe this is an obvious question, but do you need world access to ssh? -- Thanks, Josh Paetzel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503142328.04036.josh>