On 1/02/2008, at 8:39 PM, Peter N. M. Hansteen wrote:
> Chris <[EMAIL PROTECTED]> writes:
>
>> My logs are filled with useless ssh bruteforce attempts - is there
>> anything I can do to avoid logging random brute force attacks? Since I
>> disallow ssh root login and use the allowuser acl - I guess I could
>> just avoid logging all these random attacks in my logs.
>
> I suppose you already have a PF rule set with overload rules[1]? If
> not, writing a few simple rules like the one in that example will rid
> you of most of the noise.
>
> [1] see e.g. http://home.nuug.no/~peter/pf/en/bruteforce.html

And I would recommend (seriously) a book by some fellow called
Peter N. M. Hansteen. I think he hangs around this list ... 8-)
The Book of PF - A No-Nonsense Guide to the OpenBSD Firewall (Paperback)
by P Hansteen (Author)
First tech. book in a long time that I have read cover-to-cover and
ear-marked quite a few pages for investigating further.

Not sure if it fixes your exact problems (which logs exactly are being
filled? pflog? authlog? Are you using pf or just sshd?)