Date: Wed, 1 Dec 2004 12:04:10 +0000 From: Josh Paetzel <josh@tcbug.org> To: "Charles Ulrich" <charles@idealso.com> Cc: questions@freebsd.org Subject: Re: blacklisting failed ssh attempts Message-ID: <200412011204.10599.josh@tcbug.org> In-Reply-To: <43711.24.11.146.21.1101922894.squirrel@24.11.146.21> References: <43711.24.11.146.21.1101922894.squirrel@24.11.146.21>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 01 December 2004 17:41, you wrote: > This morning I noticed that an attacker spent over a full hour > trying to brute-force accounts and passwords via ssh on one of our > machines. These kinds of attacks are becoming more frequent. > > I was wondering: does anyone know of a way to blacklist a certain > IP (ideally, just for a certain time period) after a certain number > of failed login attempts via ssh? I could change the port that sshd > listens on, but I'd rather find a better solution, one that isn't > just another layer of obscurity. > > Thanks! This may or may not help you, but I generally firewall ssh so that only known addresses can get in. (whitelisting as opposed to blacklisting) -- Thanks, Josh Paetzel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412011204.10599.josh>