Ahh - Exactly the scenario here, except the names were different (but similar) and the source IP was: 184.108.40.206
Thanks. On Wed, 8 Sep 2004, Jonathan Chen wrote: > On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote: > > I am seeing a lot of automated attacks lately against sshd such as: > > > [...] > > Sep 6 12:16:39 www sshd: Failed password for illegal user server from 220.127.116.11 port 4044 ssh2 > > Sep 6 12:16:41 www sshd: Failed password for illegal user adam from 18.104.22.168 port 4072 ssh2 ... etc > > Is there a method to make this more expensive to the attacker, such as > > tar-pitting? > Put in a ipfw block on the netblock/country. At the very least it will > make it pretty slow for the initial TCP handshake. - John Mills [EMAIL PROTECTED] _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"