DragonFly users List (threaded) for 2005-03
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: Note to LEAF users on ssh logins

From:	Garance A Drosihn <drosih@xxxxxxx>
Date:	Thu, 3 Mar 2005 18:00:32 -0500

At 7:23 PM -0800 3/2/05, Matthew Dillon wrote:

    Leaf and, in fact, all of my machines which have open ssh
    ports are getting random hack attempts, about 20-30 a day in
    short bursts, usually from a different IP address each day.

    I am rather disquieted by the continuous attempts so I have
    written and intalled a little program to monitor the syslog
    which will automatically block failed password or illegal
    user login attempts.


A friend of mind recently wrote something similar, using perl.
His was written for FreeBSD and ipfw, but would be easy to
adapt.  The main difference is that his setup supports the
idea that these ipfw rules should expire after awhile.

http://www.chrismasto.com/software/ssh_ipfw/

I haven't used this at all, but a few of my friends have been
using it for a few weeks, so it might be interesting to look at.

--
Garance Alistair Drosehn            =   gad@xxxxxxxxxxxxxxxxxxxx
Senior Systems Programmer           or  gad@xxxxxxxxxxx
Rensselaer Polytechnic Institute    or  drosih@xxxxxxx

References:
- Note to LEAF users on ssh logins
  - From: Matthew Dillon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]