Nathan Vidican <[EMAIL PROTECTED]> writes:
> ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes,
> deny
> all attempts and drop connection from said IP... possible?
using pf, this is astoundingly easy, see eg
http://www.bgnett.no/~peter/pf/en/bruteforce.html
If you go do
On 3/31/06, Nathan Vidican <[EMAIL PROTECTED]> wrote:
> Noted recently in auth.log, a string of connection attempts repeated/failed
> over
> and over from one host - looks like a script someone's running, tries all
> kinds
> of various usernames, etc... attempts like 100-200 logins, fails and goe
--On Friday, March 31, 2006 08:42:30 -0500 Nathan Vidican
<[EMAIL PROTECTED]> wrote:
Noted recently in auth.log, a string of connection attempts
repeated/failed over and over from one host - looks like a script
someone's running, tries all kinds of various usernames, etc... attempts
like 100-20
What you are seeing is ssh doing it's job like its designed to do.
This is not anything you have to worry about.
If you don't want to see these messages in your auth.log then
change syslog.conf to only send critical messages to the log.
There are a few different ports in the FreeBSD ports collecti
On 3/31/06, Nathan Vidican <[EMAIL PROTECTED]> wrote:
> Noted recently in auth.log, a string of connection attempts repeated/failed
> over
> and over from one host - looks like a script someone's running, tries all
> kinds
> of various usernames, etc... attempts like 100-200 logins, fails and goes
Nathan Vidican wrote:
> Noted recently in auth.log, a string of connection attempts
> repeated/failed over and over from one host - looks like a script
> someone's running, tries all kinds of various usernames, etc... attempts
> like 100-200 logins, fails and goes away.
>
> Few hours go by, and an
Disable password-based logins (use keys instead), move SSH to another
port, or install some kind of brute force monitor. First two options
are the best, but if for some reason you need to keep it on 22 and
password-based logins then look to a BF monitor. Just make sure you
actually need it..and d