On 3/31/06, Nathan Vidican <[EMAIL PROTECTED]> wrote: > Noted recently in auth.log, a string of connection attempts repeated/failed > over > and over from one host - looks like a script someone's running, tries all > kinds > of various usernames, etc... attempts like 100-200 logins, fails and goes > away. > > Few hours go by, and another such attempt, from a different IP comes in. If > I'm > here and just happen to notice them - simple ipfw add deny... does the trick, > but is there not a way to limit the login attempts for a certain period of > time? > > ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny > all attempts and drop connection from said IP... possible? > > Any suggestions/ideas? Thus far, no one has managed to login (there are only > three accounts which even have a shell or can login via ssh... but still not > the > point). I'd just like to get rid of the problem and save my auth.log file for > perhaps something more useful ;) > [snip]
This pf.conf rule will stop them: block drop log quick on xl0 proto tcp from any os "Linux" to any port = ssh _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"