Date: Mon, 10 Jan 2005 19:42:16 +0000
From: Jez Hancock <jez.hancock@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Blacklisting IPs
Message-ID: <7b3c7f0b0501101142223c3e36@mail.gmail.com>
In-Reply-To: <20050110172303.GA7456@keyslapper.org>
References: <fd091951050109222052228399@mail.gmail.com> <20050110172303.GA7456@keyslapper.org>

On Mon, 10 Jan 2005 12:23:04 -0500, Louis LeBlanc <FreeBSD@keyslapper.org> wrote:
> On 01/10/05 12:20 AM, artware sat at the `puter and typed:
> > Hello again,
> >
> > My 5.3R system has only been up a little over a week, and I've already
> > had a few breakin attempts -- they show up as Illegal user tests in
> > the /var/log/auth.log... It looks like they're trying common login
> > names (probably with the login name used as passwd). It takes them
> > hours to try a dozen names, but I'd rather not have any traffic from
> > these folks. Is there any way to blacklist IPs at the system level, or
> > do I have to hack something together for each daemon?
> >
> The best defense is a good firewall, good passwords, and restriction of
> user ids that may login remotely.

I started blocking the addresses that attacked but the frequency of the
attacks made it impractical to add every attacking address to the
firewall ruleset.

I came to the conclusion that as long as the items you mention above are
in place - especially good passwords - and the attacks aren't saturating
the connection, then there's little to worry about - perhaps on a par
with portscanning.

Another fairly simple option though is to just change the port that sshd
listens on since the attacks presume that sshd is listening on port 22.
Not always practical though if you have lots of users.

--
Jez Hancock - System Administrator / PHP Developer

http://munk.nu/
http://freebsd.munk.nu/ - A FreeBSD Diary
http://ipfwstats.sf.net/ - ipfw peruser traffic logging
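
Added example, not part of the original message or thread: a small sh/awk summary of the "Illegal user" entries discussed above, showing attempts and distinct login names per source address so the volume can be judged before deciding whether per-address blocking is practical. It assumes the sshd log wording `Illegal user NAME from ADDRESS`; the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise sshd "Illegal user" probes per source address.
# Assumed log wording: "... sshd[PID]: Illegal user NAME from ADDRESS"

# Constructed sample lines (documentation addresses, not real log data).
sample_log() {
cat <<'EOF'
Jan 10 03:12:41 host sshd[4121]: Illegal user test from 192.0.2.10
Jan 10 03:12:44 host sshd[4123]: Illegal user admin from 192.0.2.10
Jan 10 03:12:47 host sshd[4125]: Illegal user guest from 192.0.2.10
Jan 10 04:50:02 host sshd[4310]: Illegal user test from 198.51.100.7
Jan 10 05:01:19 host sshd[4402]: Accepted password for jez from 203.0.113.5 port 50122 ssh2
Jan 10 06:30:55 host sshd[4519]: Illegal user test from 192.0.2.10
EOF
}

# Reads auth.log lines on stdin; prints "attempts distinct_names address",
# busiest source first.
illegal_user_sources() {
    awk '
    / sshd\[[0-9]+\]: Illegal user / {
        # The login name is supplied by the remote client and may contain
        # spaces or the word "from", so take the address as the last field
        # and the name as everything before the final " from ADDRESS".
        addr = $NF
        name = $0
        sub(/^.* sshd\[[0-9]+\]: Illegal user /, "", name)
        sub(/ from [^ ]+$/, "", name)
        attempts[addr]++
        if (!((addr, name) in seen)) { seen[addr, name] = 1; names[addr]++ }
    }
    END {
        for (a in attempts) print attempts[a], names[a], a
    }' | sort -k1,1nr -k3,3
}

# Addresses with at least $1 attempts (default 3).
sources_over() {
    illegal_user_sources | awk -v min="${1:-3}" '$1 >= min { print $3 }'
}

sample_log | illegal_user_sources
```

On a live system the same functions can be fed the real log, for example `illegal_user_sources < /var/log/auth.log`.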