Date:      11 Oct 2004 17:58:13 -0400
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        Joachim Dagerot <freebsd@dagerot.nu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: 'blacklisting' an IP-address after several loginfailures?
Message-ID:  <44hdp0534a.fsf@be-well.ilk.org>
In-Reply-To: <200410112138.i9BLcep06705@thunder.trej.net>
References:  <200410112138.i9BLcep06705@thunder.trej.net>

Joachim Dagerot <freebsd@dagerot.nu> writes:

> I'm under attack!
> 
> I have pages up and down with failed login attempts, usually they are
> trying to hack the root account (which simply can't be used to get in
> by SSH) but they are also trying to access the system with various
> usernames (brute force).
> 
> Is it easy to load a package that simply adds a deny entry for each IP
> that has failed to login for X amounts of tries?

See the "MaxStartups" option for configuring sshd.

This is somewhat similar to what you were describing, but without the
downside of giving an attacker the ability to lock some victim out of
access to your machine.
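
Added example, not part of the original message: a small Python model of how sshd interprets a MaxStartups value, following the start:rate:full behaviour documented in sshd_config(5). The setting "10:30:60" and the function names are constructed for illustration.

```python
import re

def parse_max_startups(value):
    """Parse an sshd_config MaxStartups value: 'start:rate:full' or bare 'N'."""
    m = re.fullmatch(r"(\d+)(?::(\d+):(\d+))?", value.strip())
    if not m:
        raise ValueError(f"bad MaxStartups value: {value!r}")
    start = int(m.group(1))
    if m.group(2) is None:
        # Bare N: every connection beyond N unauthenticated ones is refused.
        return start, 100, start
    rate, full = int(m.group(2)), int(m.group(3))
    if not 1 <= rate <= 100 or start > full:
        raise ValueError(f"inconsistent MaxStartups value: {value!r}")
    return start, rate, full

def refusal_percent(value, unauthenticated):
    """Percent chance that sshd refuses a new connection, given how many
    unauthenticated connections are currently open (counted across all
    clients, not per source address)."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    # Linear ramp from `rate` at `start` up to 100 at `full`.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)

if __name__ == "__main__":
    setting = "10:30:60"  # constructed sample value, not from the message
    for n in (5, 10, 35, 59, 60):
        print(f"MaxStartups {setting}: {n:2d} pending -> "
              f"{refusal_percent(setting, n)}% refused")
```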


