Date:      Mon, 11 Jan 2010 16:13:55 +0200
From:      Kaya Saman <SamanKaya@netscape.net>
To:        David Southwell <david@vizion2000.net>
Cc:        mexas@bristol.ac.uk, freebsd-questions@freebsd.org
Subject:   Re: denying spam hosts ssh access - good idea?
Message-ID:  <4B4B3223.2070204@netscape.net>
In-Reply-To: <201001111408.43361.david@vizion2000.net>
References:  <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk> <201001111408.43361.david@vizion2000.net>

David Southwell wrote:
>> I'm thinking of denying ssh access to hosts from which
>> I get brute force ssh attacks.
>>
>> However, I see in /etc/hosts.allow:
>>
>> # Wrapping sshd(8) is not normally a good idea, but if you
>> # need to do it, here's how
>> #sshd : .evil.cracker.example.com : deny
>>
>> Why is it not a good idea?
>>
>> Also, apparently in older ssh there was DenyHosts option,
>> but no longer in the current version.
>> Is there a replacement for DenyHosts?
>> Or is there a good reason for such option not to be used?
>>
>> many thanks
>> anton
>>
>>     
> I use denyhosts ( /usr/ports/security/denyhosts ); it works well for me. I also
> use blackhole and sshguard.
>
> david

Take a look at fail2ban:

http://www.fail2ban.org/

This hooks into iptables and really does a nice job of preventing DoS
attacks from not just SSH but many other ports and protocols too.

Regards,

Kaya
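
Added example, not part of the original e-mail and not code from denyhosts, sshguard or fail2ban: a minimal Python sketch of the log-scanning approach those tools take, counting failed sshd logins per source address inside a time window and printing deny entries in the hosts.allow form quoted above. The log lines, thresholds (max_retry, find_time) and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd syslog layout (not from the thread).
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan 11 14:00:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4242 ssh2
Jan 11 14:00:03 host sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 4243 ssh2
Jan 11 14:00:05 host sshd[813]: Failed password for root from 192.0.2.10 port 4244 ssh2
Jan 11 14:00:09 host sshd[820]: Accepted publickey for alice from 198.51.100.7 port 5151 ssh2
Jan 11 14:02:00 host sshd[830]: Failed password for alice from 198.51.100.7 port 5152 ssh2
Jan 11 14:30:00 host sshd[840]: Failed password for root from 203.0.113.5 port 6001 ssh2
Jan 11 15:30:00 host sshd[841]: Failed password for root from 203.0.113.5 port 6002 ssh2
Jan 11 16:30:00 host sshd[842]: Failed password for root from 203.0.113.5 port 6003 ssh2
"""

# Anchored at end of line so the address is the one sshd appended, not text in the user name.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def hosts_to_deny(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2010):
    """Return IPs with >= max_retry failed logins inside any find_time window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry and ip not in banned:
            banned.append(ip)
    return banned

def hosts_allow_rules(ips):
    """Format deny entries in the hosts.allow form shown in the quoted comment."""
    return [f"sshd : {ip} : deny" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_allow_rules(hosts_to_deny(SAMPLE_LOG))))
```

With the defaults only 192.0.2.10 is listed: the three failures from 203.0.113.5 are an hour apart and never share a window, and the single failure from 198.51.100.7 follows a successful login.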


