John Mills wrote:
Ahh -
Exactly the scenario here, except the names were different (but similar)
and the source IP was: 64.124.210.23
Thanks.
On Wed, 8 Sep 2004, Jonathan Chen wrote:
On Tue, Sep 07, 2004 at 09:42:16AM -0400, Mike Galvez wrote:
I am seeing a lot of automated attacks lately against sshd such as:
[...]
> > Sep 6 12:16:39 www sshd[29901]: Failed password for illegal user
server from 159.134.244.189 port 4044 ssh2
> > Sep 6 12:16:41 www sshd[29902]: Failed password for illegal user
adam from 159.134.244.189 port 4072 ssh2
... etc
Is there a method to make this more expensive to the attacker, such as
tar-pitting?
Put in a ipfw block on the netblock/country. At the very least it will
make it pretty slow for the initial TCP handshake.
- John Mills
[EMAIL PROTECTED]
I really wish people would stop top posting.
--
Best regards,
Chris
Flynn is dead
Tron is dead
long live the MCP.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
