NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ssh scans

On Mon, Oct 26, 2009 at 12:42 PM, David Wetzel <> 
> I am seeing a lot of ssh scans and I am wondering if somebody has a solution
> like adding the bad hosts temporary to pf.conf or so?
> see for yourself:
> cat /var/log/authlog | grep -i failed | grep user | sed "s/.*from\ //g" |
> sed "s/ port .*//g" | sort | uniq -c

Whenever you say something like this, you should always include:

And this is why I can't just change the port to some other port number:

Because that eliminates about 99.9% of this problem. Dealing with the
other .1% is still probably worthwhile, though.


Home | Main Index | Thread Index | Old Index