Over the past few months there have been a remarkably high level of brute force attacks logged by sshd. I was wondering, is there a way that sshd (or some other package) can monitor login attempts and if more than say 5 or 6 attempts are made to login from a particular ip address, temporarily block that address (perhaps at the firewall)? It'd be real satisfying to just dump the attackers' packets to the bit bucket and slow 'em down a bit.
Sorry, but this topic was discussed just before you posted - see "Blacklisting IPs" and it is regularly discussed on various lists.
Everyone asks that same question, and everyone propose the same solutions, could this be added to the faq?
Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
