Date: Fri, 5 Mar 2010 15:06:12 +0200 From: Eitan Adler <eitanadlerlist@gmail.com> To: John <john@starfire.mn.org> Cc: freebsd-questions@freebsd.org Subject: Re: Thousands of ssh probes Message-ID: <a0777e081003050506r5dd7b0bem53b3b237fca95c34@mail.gmail.com> In-Reply-To: <20100305125446.GA14774@elwood.starfire.mn.org> References: <20100305125446.GA14774@elwood.starfire.mn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Mar 5, 2010 at 2:54 PM, John <john@starfire.mn.org> wrote: > My nightly security logs have thousands upon thousands of ssh probes > in them. =A0One day, over 6500. =A0This is enough that I can actually > "feel" it in my network performance. =A0Other than changing ssh to > a non-standard port - is there a way to deal with these? =A0Every > day, they originate from several different IP addresses, so I can't > just put in a static firewall rule. =A0Is there a way to get ssh > to quit responding to a port or a way to generate a dynamic pf > rule in cases like this? > -- > > John Lind > john@starfire.MN.ORG > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" > Look at security/blocksshd and security/denyhosts Also changing SSH to a non-standard port helps - a lot.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a0777e081003050506r5dd7b0bem53b3b237fca95c34>