On Dec 1, 2004, at 09:41, Charles Ulrich wrote:
This morning I noticed that an attacker spent over a full hour trying to
brute-force accounts and passwords via ssh on one of our machines. These kinds
of attacks are becoming more frequent.
I was wondering: does anyone know of a way to blacklist a certain IP (ideally,
just for a certain time period) after a certain number of failed login
attempts via ssh? I could change the port that sshd listens on, but I'd rather
find a better solution, one that isn't just another layer of obscurity.
I tried null routing their addresses and that stops that address. However, a day or so later they are back from a different address. After a couple months of this I changed the ports. Its a real pain.
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
