Thousands of ssh probes
Eitan Adler
eitanadlerlist at gmail.com
Fri Mar 5 13:06:40 UTC 2010
On Fri, Mar 5, 2010 at 2:54 PM, John <john at starfire.mn.org> wrote:
> My nightly security logs have thousands upon thousands of ssh probes
> in them. One day, over 6500. This is enough that I can actually
> "feel" it in my network performance. Other than changing ssh to
> a non-standard port - is there a way to deal with these? Every
> day, they originate from several different IP addresses, so I can't
> just put in a static firewall rule. Is there a way to get ssh
> to quit responding to a port or a way to generate a dynamic pf
> rule in cases like this?
> --
>
> John Lind
> john at starfire.MN.ORG
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
Look at security/blocksshd and security/denyhosts
Also changing SSH to a non-standard port helps - a lot.
More information about the freebsd-questions
mailing list