Ahh -

Exactly the scenario here, except the names were different (but similar) 
and the source IP was:


On Wed, 8 Sep 2004, Jonathan Chen wrote:

> On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote:
> > I am seeing a lot of automated attacks lately against sshd such as:
> > 
> [...]
 > > Sep  6 12:16:39 www sshd[29901]: Failed password for illegal user 
server from port 4044 ssh2
 > > Sep  6 12:16:41 www sshd[29902]: Failed password for illegal user 
adam from port 4072 ssh2
 ... etc

> > Is there a method to make this more expensive to the attacker, such as
> > tar-pitting?

> Put in a ipfw block on the netblock/country. At the very least it will
> make it pretty slow for the initial TCP handshake.

 - John Mills

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to