Attacks on ssh port
David D.W. Downey
david.downey at gmail.com
Sun Sep 26 01:33:04 PDT 2004
On Fri, 24 Sep 2004 23:49:09 +0200, Alex de Kruijff
<freebsd at akruijff.dds.nl> wrote:
> >
> > Then you can still see the attempts (and thus log the IP information
> > for contacting the abuse@ for the responsible IP controller) while
> > limiting your log sizes.
>
> This only logs the first tree catches (when the log attribuut is set)
> per rule. You may want to set this a little higher like 100.
>
while I agree my example of 3 was low (meant only to instruct) I would
say more along the lines of 25. if someone is hitting you 25 times in
a row and getting tagged by that rule, you can bet your butt it's not
a client of your's.
--
David D.W. Downey
More information about the freebsd-security
mailing list