From owner-freebsd-questions@FreeBSD.ORG  Mon Jan 18 22:39:34 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F0CA6106568B
	for <freebsd-questions@freebsd.org>;
	Mon, 18 Jan 2010 22:39:34 +0000 (UTC)
	(envelope-from david@vizion2000.net)
Received: from dns1.vizion2000.net (dns1.vizion2000.net [62.49.197.50])
	by mx1.freebsd.org (Postfix) with ESMTP id B4AEF8FC18
	for <freebsd-questions@freebsd.org>;
	Mon, 18 Jan 2010 22:39:34 +0000 (UTC)
Received: by dns1.vizion2000.net (Postfix, from userid 1001)
	id 5C85434D46B; Mon, 18 Jan 2010 22:39:20 +0000 (GMT)
From: David Southwell <david@vizion2000.net>
Organization: Voice & Vision
To: freebsd-questions@freebsd.org
Date: Mon, 18 Jan 2010 22:39:20 +0000
User-Agent: KMail/1.12.4 (FreeBSD/7.2-RELEASE-p3; KDE/4.3.4; amd64; ; )
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <201001182239.20153.david@vizion2000.net>
Subject: /etc/hosts.deniedssh
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2010 22:39:35 -0000

Examples from hosts.deniedssh
I seem to be on the receiving end of a concerted series of unsuccessful break 
in attacks on one of our systems. One small part of the attack has  resulted 
in over 2000 entries in our hosts.deniedssh file in less than 1 hour. 

I would be interested in any comments on the small example shown below and any 
advice.

Thanks in advance

David
r200-40-132-245.static.adinet.com.uy
mail.munisanmiguel.gob.pe
port-83-236-241-198.static.qsc.de
pd95b50ce.dip0.t-ipconnect.de
v32641.1blu.de
dubovik.net
r200-40-132-245.static.adinet.com.uy
mail.munisanmiguel.gob.pe
port-83-236-241-198.static.qsc.de
pd95b50ce.dip0.t-ipconnect.de
v32641.1blu.de
dubovik.net
r200-40-132-245.static.adinet.com.uy
mail.munisanmiguel.gob.pe
port-83-236-241-198.static.qsc.de
pd95b50ce.dip0.t-ipconnect.de
v32641.1blu.de
dubovik.net
r200-40-132-245.static.adinet.com.uy
mail.munisanmiguel.gob.pe
port-83-236-241-198.static.qsc.de
pd95b50ce.dip0.t-ipconnect.de
v32641.1blu.de
dubovik.net
r200-40-132-245.static.adinet.com.uy
mail.munisanmiguel.gob.pe
port-83-236-241-198.static.qsc.de
pd95b50ce.dip0.t-ipconnect.de
v32641.1blu.de
dubovik.net
r200-40-132-245.static.adinet.com.uy
mail.munisanmiguel.gob.pe
port-83-236-241-198.static.qsc.de
pd95b50ce.dip0.t-ipconnect.de
v32641.1blu.de
dubovik.net
r200-40-132-245.static.adinet.com.uy
mail.munisanmiguel.gob.pe
port-83-236-241-198.static.qsc.de
pd95b50ce.dip0.t-ipconnect.de
v32641.1blu.de
dubovik.net
r200-40-132-245.static.adinet.com.uy