> What can be done to keep the logs neat (i.e., free from the ssh- > bruteforce > garbage) is this: for a given number of login failures (e.g., 8), > add an > ipfw rule that blocks all traffic from the offending IP#. Of > course, this > has got to be automatized (script?). I find security/sshit works well for this, it reads a tail pipe out of syslog and add ipfw rules (and can time them out) > I used to add the rules manually, as > an experiment, and I found that attacks from one IP# do repeat, though > very seldom (the period may be as long as a few months). The rule list > will grows without bounds :( I figure, this reduces the amount of > recieved > spam slightly too. > Yes, not a novel idea (to phrase it soflty); yet, I actually tested > it, > found that there's net gain from doing that (as small as it may be), > and no noticeable bad consequences. > > [SorAlx] ridin' VN1500-B2 > _______________________________________________ > freebsd-chat@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-chat > To unsubscribe, send any mail to "freebsd-chat- > unsubscribe@freebsd.org" -- David King Computer Programmer Ketralnis Systems _______________________________________________ freebsd-chat@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-chat To unsubscribe, send any mail to "freebsd-chat-unsubscribe@freebsd.org"