NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ssh scans



On Mon, Oct 26, 2009 at 12:42:57PM -0700, David Wetzel wrote:
> I am seeing a lot of ssh scans and I am wondering if somebody has a  
> solution like adding the bad hosts temporary to pf.conf or so?

If you are from a smaller country and login only from that location,
something like

ALL     : localhost     : ALLOW
sshd    : .fi           : ALLOW
ALL     : ALL           : DENY

in hosts.allow(5) and "ALL : ALL" in hosts.deny(5) works quite reasonably.

- Jukka.

P.S. I believe that often this eternal issue is more about log spam rather
than about any real security threat. As for the special tools others have
proposed, keep in mind that these tools have historically introduced
security issues themselves.


Home | Main Index | Thread Index | Old Index