Attacks on ssh port
Willem Jan Withagen
wjw at withagen.nl
Sun Sep 26 14:36:44 PDT 2004
David D.W. Downey wrote:
>On Fri, 24 Sep 2004 23:49:09 +0200, Alex de Kruijff
><freebsd at akruijff.dds.nl> wrote:
>
>
>>>Then you can still see the attempts (and thus log the IP information
>>>for contacting the abuse@ for the responsible IP controller) while
>>>limiting your log sizes.
>>>
>>>
>>This only logs the first tree catches (when the log attribuut is set)
>>per rule. You may want to set this a little higher like 100.
>>
>>
>>
>
>while I agree my example of 3 was low (meant only to instruct) I would
>say more along the lines of 25. if someone is hitting you 25 times in
>a row and getting tagged by that rule, you can bet your butt it's not
>a client of your's.
>
It is even simpler:
Anybody trying to use root as user for ssh-login is not a customer
of mine....
And if he has not figured out that he's doing something wrong after
3 tries, little chance that he is really just making a mistake.
--WjW
More information about the freebsd-security
mailing list