On Friday 23 September 2005 14:40, John Marten wrote:
> You know what i mean? Every day I get some script kiddie, or adult
> trying to guess usernames or passwords.
> I've installed the newest version of SSH, so i'm covered there. But I
> still get a dozen or 2 of the
> "sshd Invalid user somename from ###.##.##.###"
> "input_userauth_request: ivalid user somename"
> "Failed password for invalid user somename"
> "Recieved disconnect from ###.##.##.###"
> Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
> from ###.##.##.### to any flags S/SA'
> entry in my pf.conf file. But if I had do that for every hacker my
> pf.conf would be huge!
> There's got to be a better way, and I'm open to suggestions.
>
>
> John F. Marten III
>
> Information Technology SpecialDon't know if this is "better" and then "better" in what sense but here it goes and it's easy as pie: I installed "denyhosts" - a python script. Obvious downside is that you need to install python. Only adjustment you need to do is that denyhosts looks into /var/log/authlog for OBSD instead of /var/log/auth.log for Linux. My /etc/hosts.deny is growing steadily ever since ... Kind regards, Eike -- Eike Lantzsch ZP6CGE Casilla de Correo 1519 Asuncion / Paraguay Tel.: 595-21-578698 FAX: 595-21-578690
