On Friday 23 September 2005 14:40, John Marten wrote: > You know what i mean? Every day I get some script kiddie, or adult > trying to guess usernames or passwords. > I've installed the newest version of SSH, so i'm covered there. But I > still get a dozen or 2 of the > "sshd Invalid user somename from ###.##.##.###" > "input_userauth_request: ivalid user somename" > "Failed password for invalid user somename" > "Recieved disconnect from ###.##.##.###" > Someone told me to add a 'block in quick on $net inet proto {tcp,udp} > from ###.##.##.### to any flags S/SA' > entry in my pf.conf file. But if I had do that for every hacker my > pf.conf would be huge! > There's got to be a better way, and I'm open to suggestions. > > > John F. Marten III > > Information Technology Special
Don't know if this is "better" and then "better" in what sense but here it goes and it's easy as pie: I installed "denyhosts" - a python script. Obvious downside is that you need to install python. Only adjustment you need to do is that denyhosts looks into /var/log/authlog for OBSD instead of /var/log/auth.log for Linux. My /etc/hosts.deny is growing steadily ever since ... Kind regards, Eike -- Eike Lantzsch ZP6CGE Casilla de Correo 1519 Asuncion / Paraguay Tel.: 595-21-578698 FAX: 595-21-578690