Have snort or portsentry add those ips to a table in pf.conf.
--Bryan
On 9/23/05, John Marten <[EMAIL PROTECTED]> wrote:
> You know what i mean? Every day I get some script kiddie, or adult
> trying to guess usernames or passwords.
> I've installed the newest version of SSH, so i'm covered there. But I
> still get a dozen or 2 of the
> "sshd Invalid user somename from ###.##.##.###"
> "input_userauth_request: ivalid user somename"
> "Failed password for invalid user somename"
> "Recieved disconnect from ###.##.##.###"
> Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
> from ###.##.##.### to any flags S/SA'
> entry in my pf.conf file. But if I had do that for every hacker my
> pf.conf would be huge!
> There's got to be a better way, and I'm open to suggestions.
>
>
> John F. Marten III
>
> Information Technology Specialist
