/etc/hosts.deniedssh

Erik Norgaard norgaard at locolomo.org
Tue Jan 19 07:21:28 UTC 2010


David Southwell wrote:
> Examples from hosts.deniedssh
> I seem to be on the receiving end of a concerted series of unsuccessful break 
> in attacks on one of our systems. One small part of the attack has  resulted 
> in over 2000 entries in our hosts.deniedssh file in less than 1 hour. 
> 
> I would be interested in any comments on the small example shown below and any 
> advice.

1. see thread from last week "denying spam hosts ssh access"
2. don't resolve ips
3. do a sort, you'll see that many come from the same network, possibly 
the same node with a new IP, block entire ranges, blocking individual 
ip's is futile.
4. consider blocking in your firewall
5. don't worry, unsuccesfull attacks are - well, unsuccesfull

BR, Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org


More information about the freebsd-questions mailing list