blacklisting failed ssh attempts
Ted Mittelstaedt
tedm at toybox.placo.com
Wed Dec 1 22:34:58 PST 2004
Charles,
This shouldn't bother you unless you're in the habit of using
guessable passwords.
However if you can't let it go I suggest you run sshd with the
-i option, out of inetd. Of course you need a fast machine so
that the server key is generated in a second or so (or lower your
key length). Then replace inetd with xinetd and
set up all the DoS stuff on that.
Ted
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Charles Ulrich
> Sent: Wednesday, December 01, 2004 9:42 AM
> To: questions at freebsd.org
> Subject: blacklisting failed ssh attempts
>
>
>
> This morning I noticed that an attacker spent over a full hour trying to
> brute-force accounts and passwords via ssh on one of our machines. These
> kinds of attacks are becoming more frequent.
>
> I was wondering: does anyone know of a way to blacklist a certain IP
> (ideally, just for a certain time period) after a certain number of failed
> login attempts via ssh? I could change the port that sshd listens on, but
> I'd rather find a better solution, one that isn't just another layer of
> obscurity.
>
> Thanks!
>
> --
> Charles Ulrich
> Ideal Solution, LLC - http://www.idealso.com
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
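
The blacklisting asked about in the original question (a source IP banned for a fixed period after a number of failed logins), sketched as an added example that is not part of either message. It assumes OpenSSH's "Failed password" syslog line format; the function names, thresholds and sample log are constructed for illustration, and applying the ban (for example as a firewall rule) is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" syslog lines; older releases say "illegal user".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?\S+ from (\S+) port \d+"
)

def parse_failure(line, year=2004):
    """Return (timestamp, ip) for a failed login, else None (syslog has no year)."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2)

def find_bans(lines, max_failures=3, window_s=60, ban_s=600):
    """Return [(ip, ban_start, ban_end)] for sources over the threshold."""
    recent = defaultdict(deque)      # ip -> failure times inside the window
    banned_until, bans = {}, []
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, ip = hit
        if banned_until.get(ip, ts) > ts:
            continue                 # still banned: a firewall would drop this
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= max_failures:
            banned_until[ip] = ts + timedelta(seconds=ban_s)
            bans.append((ip, ts, banned_until[ip]))
            q.clear()                # start counting afresh after the ban
    return bans

# Constructed sample input (documentation addresses, not from the thread).
SAMPLE_LOG = [
    "Dec  1 08:40:01 host sshd[311]: Failed password for root from 203.0.113.5 port 4101 ssh2",
    "Dec  1 08:40:03 host sshd[312]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2",
    "Dec  1 08:40:04 host sshd[313]: Accepted password for charles from 198.51.100.7 port 5000 ssh2",
    "Dec  1 08:40:05 host sshd[314]: Failed password for illegal user test from 203.0.113.5 port 4103 ssh2",
    "Dec  1 08:40:06 host sshd[315]: Failed password for root from 203.0.113.5 port 4104 ssh2",
    "Dec  1 08:41:00 host sshd[316]: Failed password for charles from 198.51.100.7 port 5001 ssh2",
    "Dec  1 08:55:00 host sshd[317]: Failed password for charles from 198.51.100.7 port 5002 ssh2",
]
```

With the default thresholds only 203.0.113.5 is banned; the two mistyped passwords from 198.51.100.7 fall in different one-minute windows and do not trigger a ban.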