NetBSD-Users archive


Re: ssh scans

On Mon 26 Oct 2009 at 12:42:57 -0700, David Wetzel wrote:
> Hi,
> I am seeing a lot of ssh scans and I am wondering if somebody has a
> solution like adding the bad hosts temporarily to pf.conf or so?

I use pam_af, which hooks into PAM. It is in pkgsrc: security/pam-af.
It blocks IP addresses that try (and fail) more than N logins in M
seconds for O time.

The bad guys try to get around this, however. I have seen login attempts
with a fairly consistent interval from all kinds of different sources.
That clearly was coordinated, since the interval always was between 1 and
3 minutes.

I wish sshd would log passwords in these cases. I'm quite interested in
knowing which passwords they try.

___ Olaf 'Rhialto' Seibert    -- You author it, and I'll reader it.
\X/ rhialto/at/      -- Cetero censeo "authored" delendum esse.
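
Added example, not part of the original message and not pam_af's code: a log check that contrasts a per-address rule (more than N failures in M seconds) with a cross-source check for the pattern described above, failures from many addresses spaced 1 to 3 minutes apart. It assumes OpenSSH's "Failed password ... from IP port" syslog wording; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample (not from the post); addresses are RFC 5737 documentation ranges.
_ROWS = [("09:00:01", "203.0.113.5"), ("09:00:03", "203.0.113.5"),
         ("09:00:06", "203.0.113.5"), ("09:00:08", "203.0.113.5"),
         ("12:00:05", "192.0.2.10"), ("12:01:50", "198.51.100.7"),
         ("12:04:00", "192.0.2.44"), ("12:05:15", "198.51.100.23"),
         ("12:07:55", "192.0.2.10"), ("12:09:25", "203.0.113.80")]
SAMPLE = "\n".join(
    f"Oct 26 {t} host sshd[100]: Failed password for root from {ip} port 4000 ssh2"
    for t, ip in _ROWS)
SAMPLE += "\nOct 26 12:10:00 host sshd[100]: Accepted publickey for alice from 192.0.2.200 port 4000 ssh2"

FAIL = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                  r"(?:invalid user )?\S+ from (\S+) port")

def parse(text, year=2009):
    """Return sorted (timestamp, source_ip) pairs for failed password logins."""
    events = []
    for line in text.splitlines():
        m = FAIL.match(line)
        if m:  # syslog lines carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events)

def per_ip_blocked(events, n=3, m=60):
    """Sources a per-address rule (more than n failures within m seconds) catches."""
    by_ip, blocked = {}, set()
    for ts, ip in events:
        by_ip.setdefault(ip, []).append(ts)
    for ip, times in by_ip.items():
        if any((times[i + n] - times[i]).total_seconds() <= m
               for i in range(len(times) - n)):
            blocked.add(ip)
    return blocked

def coordinated_runs(events, lo=60, hi=180, min_sources=4):
    """Runs of consecutive failures, any source, whose gaps all lie in [lo, hi] s."""
    runs, cur = [], events[:1]
    for prev, nxt in zip(events, events[1:]):
        if lo <= (nxt[0] - prev[0]).total_seconds() <= hi:
            cur.append(nxt)
        else:
            runs.append(cur)
            cur = [nxt]
    runs.append(cur)
    return [r for r in runs if len({ip for _, ip in r}) >= min_sources]
```

On the sample, the per-address rule flags only the one noisy source, while the six evenly spaced failures from five addresses show up only in the cross-source run.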
