Date: Tue, 11 Jan 2005 17:39:51 +0100
From: Olaf Greve <o.greve@axis.nl>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Blacklisting IPs
Message-ID: <41E40157.1090702@axis.nl>
In-Reply-To: <LOBBIFDAGNMAMLGJJCKNAEAEFAAA.tedm@toybox.placo.com>
References: <LOBBIFDAGNMAMLGJJCKNAEAEFAAA.tedm@toybox.placo.com>

Hi,

> It's best to report them and it's not hard to do it. There
> are automated tools that will do it.

I would be very interested in setting up such a tool on my server as well.

My passwords are not easy to guess, and root is not allowed to log in anyways, and chances are extremely slim that someone will guess the one and only username/password combination that is actually allowed to SSH and to su -.

Nonetheless, I find it annoying that some kids with nothing better to do download these stupid brute force tools in order to call themselves hackers. Duh!

Therefore, I could well do without having 22,000 lines of failed attempts in my security logs (though as of late they haven't been that long), and I wouldn't mind reporting the critters to their ISPs.

Does anyone have a good suggestion for such a tool? It would be cool if the tool could spot such brute force attempts, and when it sees e.g. more than 5 failed attempts from the same IP within say 5 minutes of time, it would blacklist the IP, and would automatically report the crack attempt to the ISP of the critters.

Anyone?

Cheerz!
Olafo
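
The detection rule described in the message above (more than 5 failed attempts from the same IP within 5 minutes), as an added example that is not part of the original e-mail or any existing tool. The log lines are constructed (documentation-range addresses, made-up host and users), and the name `find_offenders` and its parameters are hypothetical; it only identifies the addresses, leaving blocking and reporting to whatever consumes the result.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of sshd entries in an auth log; not real data.
# 198.51.100.7 fails 6 times but 6 minutes apart; 192.0.2.10 fails 6 times in 2 minutes.
SAMPLE_LOG = """\
Jan 11 16:00:00 host sshd[640]: Failed password for illegal user test from 198.51.100.7 port 4101 ssh2
Jan 11 16:06:00 host sshd[641]: Failed password for illegal user guest from 198.51.100.7 port 4102 ssh2
Jan 11 16:12:00 host sshd[642]: Failed password for illegal user admin from 198.51.100.7 port 4103 ssh2
Jan 11 16:18:00 host sshd[643]: Failed password for illegal user user from 198.51.100.7 port 4104 ssh2
Jan 11 16:24:00 host sshd[644]: Failed password for root from 198.51.100.7 port 4105 ssh2
Jan 11 16:30:00 host sshd[645]: Failed password for root from 198.51.100.7 port 4106 ssh2
Jan 11 16:45:10 host sshd[650]: Accepted password for olaf from 203.0.113.5 port 5022 ssh2
Jan 11 17:00:01 host sshd[701]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Jan 11 17:00:20 host sshd[702]: Failed password for invalid user test from 192.0.2.10 port 40002 ssh2
Jan 11 17:00:41 host sshd[703]: Failed password for root from 192.0.2.10 port 40003 ssh2
Jan 11 17:01:05 host sshd[704]: Failed password for root from 192.0.2.10 port 40004 ssh2
Jan 11 17:01:30 host sshd[705]: Failed password for invalid user guest from 192.0.2.10 port 40005 ssh2
Jan 11 17:02:02 host sshd[706]: Failed password for invalid user www from 192.0.2.10 port 40006 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?\S+ from (\S+) port \d+")

def find_offenders(lines, year, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: time of the failure that pushed it past max_failures in window}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        # syslog timestamps carry no year, so the caller supplies it
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip, q = m.group(2), recent[m.group(2)]
        q.append(when)
        while when - q[0] > window:   # slide the window: drop failures that aged out
            q.popleft()
        if len(q) > max_failures and ip not in offenders:
            offenders[ip] = when
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines(), 2005).items():
        print(f"{ip} exceeded the threshold at {when}")
```

The per-IP window is what keeps the slow source, with the same total number of failures, off the list.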