/etc/hosts.deniedssh
Erik Norgaard
norgaard at locolomo.org
Tue Jan 19 07:21:28 UTC 2010
David Southwell wrote:
> Examples from hosts.deniedssh
> I seem to be on the receiving end of a concerted series of unsuccessful break
> in attacks on one of our systems. One small part of the attack has resulted
> in over 2000 entries in our hosts.deniedssh file in less than 1 hour.
>
> I would be interested in any comments on the small example shown below and any
> advice.
1. see thread from last week "denying spam hosts ssh access"
2. don't resolve ips
3. do a sort, you'll see that many come from the same network, possibly
the same node with a new IP, block entire ranges, blocking individual
ip's is futile.
4. consider blocking in your firewall
5. don't worry, unsuccesfull attacks are - well, unsuccesfull
BR, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
More information about the freebsd-questions
mailing list