artware wrote:
Hello again,
My 5.3R system has only been up a little over a week, and I've already had a few breakin attempts -- they show up as Illegal user tests in the /var/log/auth.log... It looks like they're trying common login names (probably with the login name used as passwd). It takes them hours to try a dozen names, but I'd rather not have any traffic from these folks. Is there any way to blacklist IPs at the system level, or do I have to hack something together for each daemon?
- ben
/etc/hosts.allow?
There were a lot of varying ideas in a thread titled "blacklisting failed ssh attempts on this list about Dec. 1st --- perhaps you can gain some wisdom there.
I don't know that it's much to worry about, just a bot looking for lame passwords on Linux boxen. There are a number of possible responses, and the likelihood of a successful "attack" via this mechanism seems slim....
Kevin Kinsey _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
