-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chris
Sent: Monday, January 10, 2005 4:07 PM
To: artware
Cc: freebsd-questions@freebsd.org
Subject: Re: Blacklisting IPs
artware wrote:
Hello again,
My 5.3R system has only been up a little over a week, and I've already
had a few break-in attempts -- they show up as Illegal user tests in
the /var/log/auth.log... It looks like they're trying common login
names (probably with the login name used as passwd). It takes them
hours to try a dozen names, but I'd rather not have any traffic from
these folks. Is there any way to blacklist IPs at the system level, or
do I have to hack something together for each daemon?
- ben
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
Here's what I do -
as root: route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole
To the attacker, it looks as if you dropped off the net.
This actually isn't the best advice since the incoming packets from the attacker are still using up your bandwidth.
It's best to report them and it's not hard to do it. There are automated tools that will do it. As the CTO of an ISP let me tell you that we get about 1 of those reports every few months - that is how few people are reporting them - and we look closely at every one of them. This isn't a situation where the abuse departments of most ISPs are overflowing with so many network abuse notifications that they aren't interested in getting more of them.
I've had these showing up in my auth.log since mid-December. Most of the time, my lookups have gone to domains registered in Elbonia and frankly I have my doubts about any administrators over there caring. The only Western abuse@ I found sent me an automated reply. I'm waiting to get one from Singapore---maybe I can get somebody caned...
--
Carleton Vaughn
College Park, Georgia, USA
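
Added example (not part of the original thread and not any poster's code): a dry-run sh/awk filter that counts sshd "Illegal user" lines per source address, as described for /var/log/auth.log above, and prints the blackhole route command quoted in the thread for addresses at or over a threshold. THRESHOLD, ALLOWLIST, the function names and the log lines are constructed for this example.

```sh
#!/bin/sh
# Assumptions of this example: the threshold and the addresses never to block.
THRESHOLD=3
ALLOWLIST="127.0.0.1 192.0.2.10"

# Constructed sample in the sshd "Illegal user NAME from ADDR" format.
sample_log() {
cat <<'EOF'
Jan 10 02:11:01 host sshd[4101]: Illegal user test from 203.0.113.77
Jan 10 02:19:44 host sshd[4105]: Illegal user admin from 203.0.113.77
Jan 10 02:31:09 host sshd[4110]: Illegal user guest from 203.0.113.77
Jan 10 03:02:10 host sshd[4122]: Illegal user oracle from 198.51.100.23
Jan 10 03:04:31 host sshd[4126]: Illegal user www from 198.51.100.23
Jan 10 03:05:52 host sshd[4130]: Illegal user a from 192.0.2.10 from 198.51.100.23
Jan 10 03:40:00 host sshd[4141]: Illegal user bob from 192.0.2.10
Jan 10 03:40:05 host sshd[4142]: Illegal user bob from 192.0.2.10
Jan 10 03:40:09 host sshd[4143]: Illegal user bob from 192.0.2.10
Jan 10 04:00:00 host sshd[4150]: Accepted publickey for ben from 192.0.2.10 port 50122 ssh2
EOF
}

# Reads auth.log lines on stdin; prints one route command per offending address.
blackhole_candidates() {
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    # The login name is chosen by the remote side and may contain " from ADDR",
    # so the address is taken from the last field only and then validated.
    / sshd\[[0-9]+\]: Illegal user .* from / {
        ip = $NF
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        if (ip in skip) next          # never blackhole our own admin hosts
        count[ip]++
    }
    END {
        for (ip in count)
            if (count[ip] >= min)
                printf "route -nq add -host %s 127.0.0.1 -blackhole\n", ip
    }' | sort
}

sample_log | blackhole_candidates    # prints the commands; nothing is executed
```

On a live system the input would be `/var/log/auth.log` instead of `sample_log`, and the printed commands would be reviewed before being run as root.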