В сообщении от Понедельник 13 ноября 2006 12:05 Leo L. Schwab написал(a):
>       I recently installed FreeBSD 6.1 on my gateway.  It replaced an
> installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I
> had disabled the SSH server.  Since all the bugs in SSH are fixed now ( :-)
> ), I thought I'd leave the server on, and am somewhat dismayed to discover
> that I now get occasional brute-force/dictionary attacks on the port.
>
>       A little Googling revealed a couple of potentially useful tools:
> 'sshit' and 'bruteblock', both of which notice repeated login attempts from
> a given IP address and blackhole it in the firewall.  I first tried
> 'sshit', but after a couple days, I noticed in my daily reports that I was
> still getting lengthy bruteforce attempts, suggesting the 'sshit' was not
> working.
>
>       So I uninstalled 'sshit' and installed 'bruteblock'.  But again a
> couple days later, the logs showed lengthy bruteforce attempts going
> unblocked.
>
>       The relevant lines from my /etc/syslog.conf file are:
>
> ----
> auth.info;authpriv.info                               /var/log/auth.log
> auth.info;authpriv.info               | exec /usr/local/sbin/bruteblock -f
> /usr/local/etc/bruteblock/ssh.conf ----
>
>       Any hints as to what I might be doing wrong?
>
>                                       Thanks,
>                                       Schwab
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"

Why don't you just relax? :-) All my FreeBSD servers are bruteforced every 
second. So what? 

-- 
------------------------
С уважением, Бачило Дмитрий
Best Regards, Bachilo Dmitry
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to