You could use pf to block linux ssh access.
block in log quick on $EXT_IF inet proto tcp from any os "Linux" to port
22 label "Blocked Linux ssh access: "
That'll reduce it quite a lot.
John Marten wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
I've installed the newest version of SSH, so i'm covered there. But I
still get a dozen or 2 of the
"sshd Invalid user somename from ###.##.##.###"
"input_userauth_request: ivalid user somename"
"Failed password for invalid user somename"
"Recieved disconnect from ###.##.##.###"
Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
from ###.##.##.### to any flags S/SA'
entry in my pf.conf file. But if I had do that for every hacker my
pf.conf would be huge!
There's got to be a better way, and I'm open to suggestions.
John F. Marten III
Information Technology Specialist
