Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 3 Dec 2008 19:43:26 -0600
From:      Jeffrey Goldberg <jeffrey@goldmark.org>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Firewalls using a DNSbl (and distributed ssh attacks)
Message-ID:  <D6D13508-3ED2-4DF3-ACF4-F09EB64784E3@goldmark.org>

next in thread | raw e-mail | index | archive | help
It's not a big issue, but I'm wondering if there is a DNSBl that lists  
IPs that are engaging in brute force ssh attacks.  And if there is  
such a list, is there a way to integrate that information into a  
firewall or sshd.

As I've said this really isn't a big issue for me, as the brute force  
attempts at sshd are nothing but an annoyance as I review logs.

The attacks that I'm seeing appear to be coordinated and distributed.   
That is, there will be one attempt on username "fred" from one IP  
immediately followed by an attempt on "freddy" from another IP  
followed by an attempt on "fredrick" from a third source and so on.

Cheers,

-j



-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D6D13508-3ED2-4DF3-ACF4-F09EB64784E3>