> On Mon, Nov 26, 2007 at 06:56:51PM -0800, badeguruji wrote:
> > I just discovered by chance that, someone is
> > constantly trying to break into my openbsd box from:
> >
> > 201.244.17.162 [corporativos24417-162.etb.net.co]
> > 203.113.85.26
> > 211.20.79.85
> > 71.159.221.78
> > 82.207.116.209
> >
> > whois details on each IP go to South America, Bangkok,
> > Taiwan... all over the world! Although I have sent
> > email to the email address in whois output, but the
> > attacker may be spoofing the IP.
> >
> > By the pattern of attempt I can tell it is the same
> > user. I am asking the community's help to how to
> > block and, more properly, punish this unethical user.
> > this user is running the attack constantly. I will
> > have to shutdown the box for now and come back at
> > later time when someone had posted some solution on
> > the list.
> >
> > My box is behind router-NAT which is allowing ssh. I
> > am not sure how this guy can get to my box which has
> > pvt IP address from the internet thru the firewall.
>
http://openbsd.org/faq/pf/filter.html

Source tracking options is _perfect_ for this. A strong password never
hurt either.

--
Travers Buda

