Re: Attacks on ssh port

From: Mikhail Goriachev (mikhailg_at_webanoide.org)
Date: 09/19/04

  • Next message: Terry: "Re:sshd security"
    Date: Sun, 19 Sep 2004 19:32:49 +1000
    To: Antony Mawer <fbsd-security@mawer.org>
    
    

    Antony Mawer wrote:
    > Chris Ryan wrote:
    >
    >>protection - with the appropriate active firewall that
    >>blocks their IP address after x failed attempts
    >>permanently....
    >
    >
    > Has anyone found any good scripts or utilities for automating this kind
    > of thing? I too have been subject to these probings, and my initial
    > thought was to firewall off any address after any number of incorrect
    > attempts.
    >
    > While I could write a script to parse the ipfilter logs, I didn't want
    > to go re-inventing the wheel for something which I was sure someone
    > would have already attempted.
    >
    > Anyone have any suggestions?
    >
    > Cheers
    > Antony

    Is it actually good idea to block those IPs? I get lots of attacks too
    on daily basis on my machines for: root, man, smmsp, nobody, bin,
    daemon, tty, uucp, mailnull, you-name-it etc. For several weeks I sent
    e-mails to abuse@{$attack-comming-from-x-network}.{$domain} and 0.01% of
    them replied. However, the attacks never come from same networks nor IPs.

    My 2 cents.

    Cheers,
    Mikhail

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Terry: "Re:sshd security"