Edwin D. Vinas wrote:
> hello,
> 
> shown below is a snapshot of too many illegal
> attempts to login to my server from a suspicious
> hacker. this is taken from the "/var/log/auth.log".
> my question is, how do i automatically block an
> IP address if it is attempting to guess my login
> usernames? can i configure the firewall to check
> the instances a certain IP has

My solution is not foolproof, but appears to be good
enough to stop these bulk attacks on my server. I use
a combination of firewall & alternative sshd port.

For example, in /etc/rc.conf, I have:
  sshd_enable="YES"
  sshd_flags="-p 22 -p 1234"

(for 1234, choose whatever alternative port number you
prefer)

Then add two tcp rules to your firewall:

 ipfw add allow log tcp from 55.44.33.22/11 to \
                      ${oip} ssh in via ${oif} setup
 ipfw add allow log tcp from any to ${oip} 1234 \
                                 in via ${oif} setup

where "55.44.33.22/11" represents your, more or less,
trusted nearby network, ${oip} your outbound IP and
${oif} your outbound interface (e.g. rl0).
I suppose you're familiar enough with firewall rules.

These firewall rules allow 'regular' ssh connections
only from within your nearby network; all other
parties must connect over the alternative port number,
1234 in this example.

Regards,
Rob.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
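
Added example, not part of Rob's message or of any FreeBSD tool: it goes beyond the reply to the quoted question about acting on /var/log/auth.log, counting failed sshd passwords per source and printing, without running it, a deny rule in the style of the rules above. The log lines are constructed, and the function names, the threshold of 3 and rule number 1000 are assumptions; the deny rules need a lower number than the allow rules because ipfw stops at the first matching rule.

```shell
#!/bin/sh
# Added example: flag sources with repeated sshd password failures in
# auth.log and print (never run) an ipfw deny rule for each one.

# Constructed sample lines; the addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Mar  1 03:12:41 host sshd[4101]: Failed password for illegal user test from 203.0.113.7 port 40112 ssh2
Mar  1 03:12:43 host sshd[4103]: Failed password for illegal user admin from 203.0.113.7 port 40120 ssh2
Mar  1 03:12:46 host sshd[4105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar  1 03:13:02 host sshd[4110]: Failed password for illegal user from from 203.0.113.7 port 40140 ssh2
Mar  1 08:30:10 host sshd[4200]: Failed password for rob from 192.0.2.10 port 51000 ssh2
Mar  1 08:30:15 host sshd[4200]: Accepted password for rob from 192.0.2.10 port 51000 ssh2
Mar  1 09:00:00 host sshd[4300]: Failed password for illegal user x from UNKNOWN port 1 ssh2
EOF
}

# offenders THRESHOLD: read auth.log lines on stdin and print "count ip"
# for every source with at least THRESHOLD failed passwords.
offenders() {
  awk -v min="$1" '
    /sshd\[[0-9]+\]: Failed password for / {
      ip = ""
      # The user name is chosen by the remote side, so take the LAST "from":
      # sshd appends the real peer address after it.
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      # Only a strict dotted-quad token may end up in a firewall command.
      if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
    }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
  ' | sort -rn
}

# deny_rules THRESHOLD: print one rule per offender. 1000 is an assumed rule
# number; ${oip} and ${oif} stay literal for the firewall script to expand,
# as in the rules from the post.
deny_rules() {
  offenders "$1" | while read -r count ip; do
    printf 'ipfw add 1000 deny log tcp from %s to ${oip} ssh in via ${oif}\n' "$ip"
  done
}

sample_log | deny_rules 3
```

Feed it the real log with `deny_rules 3 < /var/log/auth.log` and review the printed rules before adding any of them, so that a mistyped password from the trusted network does not lock you out.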