On 8/19/06, Pieter de Boer <[EMAIL PROTECTED]> wrote:
This works as expected, IP-addresses are added to the 'lamers'-table
every once in a while.
However, there apparently are SSH bruteforcers that simply use one
connection to perform a brute-force attack:
Aug 18 00:00:01 aberdeen sshd[87989]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:03 aberdeen sshd[88010]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:05 aberdeen sshd[88012]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:10 aberdeen sshd[88014]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:13 aberdeen sshd[88019]: Invalid user serwis from 83.19.113.122
Aug 18 00:00:14 aberdeen sshd[88021]: Invalid user serwis from 83.19.113.122
It looks as though you need to lower 'MaxAuthTries' in your
sshd_config file, as the default is set to allow six authentication
attempts per connection.
You'll find this in the sshd_config(5) man page.
Scot
--
DISCLAIMER:
No electrons were mamed while sending this message. Only slightly bruised.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
