On Sat, Mar 9, 2013 at 11:57 AM, Tilman Schmidt
<t.schm...@phoenixsoftware.de> wrote:
>
> Mar 3 04:44:48 gimli sshd[12870]: reverse mapping checking getaddrinfo
> for hn.ly.kd.adsl failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 3 04:44:49 gimli sshd[12871]: Received disconnect from
> 61.163.113.72: 11: Bye Bye
>
> If I set "UseDNS no" the first message disappears and only the second
> one remains.
>
> So it seems there is no way to identify password bruteforcing attempts
> on servers which don't accept password authentication in the first
> place.
Can't you pick some reasonable number of 'received disconnect'
messages to allow from a single IP?
--
Les Mikesell
lesmikes...@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
