On Tuesday 28 September 2004 17:43, dave wrote:
> Hello,
> Last evening i had a pretty determined dialup user try to ssh in
> to my system as root, the logs showed he tried for over 15 minutes.
> What i'd like to know is is there a way of dropping a connection from
> an IP if it connects more than x times in a minute? Or any other
> suggestions of dealing with this? I did a host lookup on the IP,
> 211.206.125.39
> which came back not found which kind of tells me he got offline.
> Suggestions welcome.
> Also i'm not familiar with the .kr domain i'd like to block
> connections from that one as well, same reason this one 4 minutes
> 165.132.58.56
> Thanks.

One thing I think you should do is edit sshd_config to disallow direct root logins; I thought that was the default. You can still su to root, unless you disallow the wheel group. I have it set up so users have to be in a dedicated ssh-users group.

I think you can force sshd to use login, which gives you some back-off options (see man login.conf).

Another thing is to configure your firewall to allow ssh only from specified hosts or IP ranges. Take a look at the ipfw articles here:
http://www.onlamp.com/topics/bsd/firewalls
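
The sshd_config suggestions in the reply above (no direct root login, logins limited to an ssh-users group), as an added example that is not part of the original message: a shell check of a config file's global section. The function names and both sample configs are constructed for illustration; only the group name ssh-users comes from the reply.

```shell
#!/bin/sh
# Added example (not from the thread): audit the global section of an sshd_config.

# Print the effective global value of KEYWORD ($1) in FILE ($2). Keywords are
# case-insensitive, the first occurrence wins, and Match blocks hold only
# conditional overrides, so parsing stops at the first Match line.
sshd_effective() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Return 0 only if root login is disabled and logins are limited by group.
audit_sshd() {
    rc=0
    root=$(sshd_effective PermitRootLogin "$1")
    grp=$(sshd_effective AllowGroups "$1")
    case "$root" in
        [Nn][Oo]) echo "ok:   PermitRootLogin no" ;;
        "") echo "WARN: PermitRootLogin unset, build default applies"; rc=1 ;;
        *)  echo "WARN: PermitRootLogin $root"; rc=1 ;;
    esac
    if [ -n "$grp" ]; then echo "ok:   AllowGroups $grp"
    else echo "WARN: AllowGroups unset, no group restriction"; rc=1
    fi
    return "$rc"
}

# Write two constructed sample configs into directory $1.
make_samples() {
    cat > "$1/weak" <<'EOF'
# constructed sample: the second PermitRootLogin is ignored
Port 22
permitrootlogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    AllowGroups ssh-users
EOF
    cat > "$1/hardened" <<'EOF'
# constructed sample
PermitRootLogin no
AllowGroups ssh-users
EOF
}
```

Source the file and run audit_sshd against /etc/ssh/sshd_config; the weak sample fails on both counts because the first PermitRootLogin line wins and its AllowGroups sits inside a Match block.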