Over the past few months there have been a remarkably high level of brute force attacks logged by sshd. I was wondering, is there a way that sshd (or some other package) can monitor login attempts and if more than say 5 or 6 attempts are made to login from a particular ip address, temporarily block that address (perhaps at the firewall)? It'd be real satisfying to just dump the attackers' packets to the bit bucket and slow 'em down a bit.
Not that I'm an expert (and not that that's stopping me), but this can be done by configuring sshd to use PAM and selecting a PAM module such as pam_abl that can blacklist sites that send too many attempts. See http://www.kernel.org/pub/linux/libs/pam/modules.html for examples.
-- Carleton Vaughn College Park, Georgia, USA _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
