Date:      Tue, 19 Jan 2010 08:21:24 +0100
From:      Erik Norgaard <norgaard@locolomo.org>
To:        David Southwell <david@vizion2000.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: /etc/hosts.deniedssh
Message-ID:  <4B555D74.5060001@locolomo.org>
In-Reply-To: <201001182239.20153.david@vizion2000.net>
References:  <201001182239.20153.david@vizion2000.net>

David Southwell wrote:
> Examples from hosts.deniedssh
> I seem to be on the receiving end of a concerted series of unsuccessful break 
> in attacks on one of our systems. One small part of the attack has  resulted 
> in over 2000 entries in our hosts.deniedssh file in less than 1 hour. 
> 
> I would be interested in any comments on the small example shown below and any 
> advice.

1. see thread from last week "denying spam hosts ssh access"
2. don't resolve IPs
3. do a sort, you'll see that many come from the same network, possibly 
the same node with a new IP, block entire ranges, blocking individual 
IPs is futile.
4. consider blocking in your firewall
5. don't worry, unsuccessful attacks are - well, unsuccessful

BR, Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org
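
Point 3 of the reply above (sort the entries and look for whole networks), as an added example that is not part of the original message. It assumes each entry in the deny file carries a plain IPv4 address somewhere on its line and groups by /24; the helper name `summarize_ranges`, the /24 width, the threshold and the sample addresses are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example: group denied addresses by /24 so repeat networks stand out.
# Assumption: every entry carries an IPv4 address somewhere on its line
# (for instance "sshd: 192.0.2.10"); the message does not show the format.

# summarize_ranges FILE [MIN]   (hypothetical helper name)
# Prints "COUNT NETWORK/24" for each /24 holding at least MIN distinct
# denied hosts, busiest network first. The /24 width is an assumption.
summarize_ranges() {
    file=$1
    min=${2:-2}
    # Extract dotted quads, drop duplicate hosts, then count per /24.
    grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' "$file" |
    sort -u |
    awk -F. -v min="$min" '
        # Ignore strings that look like addresses but have an octet > 255.
        $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 { next }
        { count[$1 "." $2 "." $3 ".0/24"]++ }
        END { for (n in count) if (count[n] >= min) print count[n], n }
    ' |
    sort -k1,1nr -k2,2
}

# Constructed sample data using documentation address ranges.
sample=$(mktemp /tmp/deniedssh.XXXXXX)
cat > "$sample" <<'EOF'
sshd: 192.0.2.10
sshd: 192.0.2.11
sshd: 192.0.2.11
sshd: 192.0.2.200
sshd: 198.51.100.7
sshd: 203.0.113.5
sshd: 203.0.113.6
# comment line without an address
EOF

# Networks with two or more distinct denied hosts are range-block candidates.
summarize_ranges "$sample" 2
rm -f "$sample"
```

Entries stored as resolved hostnames are skipped by the address match, which is one practical reason to keep the file unresolved as point 2 advises.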


