Ted Mittelstaedt wrote:

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Chris
Sent: Monday, January 10, 2005 4:07 PM
To: artware
Cc: freebsd-questions@freebsd.org
Subject: Re: Blacklisting IPs


artware wrote:

Hello again,

My 5.3R system has only been up a little over a week, and

I've already

had a few breakin attempts -- they show up as Illegal user tests in
the /var/log/auth.log... It looks like they're trying common login
names (probably with the login name used as passwd). It takes them
hours to try a dozen names, but I'd rather not have any traffic from
these folks. Is there any way to blacklist IPs at the system

level, or

do I have to hack something together for each daemon?

- ben
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to

"[EMAIL PROTECTED]"


Here's what I do -

as root: route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole

To the attacker, it looks as if you dropped off the net.




This actually isn't the best advice since the incoming packets
from the attacker are still using up your bandwidth.

It's best to report them and it's not hard to do it.  There
are automated tools that will do it.  As the CTO of an ISP
let me tell you that we get about 1 of those reports every
few months - that is how few people are reporting them - and
we look closely at every one of them.  This isn't a situation
where the abuse departments of most ISP's are overflowing
with so many network abuse notifications that they aren't
interested in getting more of them.

I've had these showing up in my auth.log since mid-December. Most of the time, my lookups have gone to domains registered in Elbonia and frankly I have my doubts about any administrators over there caring. The only Western abuse@ I found sent me an automated reply. I'm waiting to get one from Singapore---maybe I can get somebody caned...


--
Carleton Vaughn
College Park, Georgia, USA
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to