Antony Mawer wrote: > Chris Ryan wrote: > >>protection - with the appropriate active firewall that >>blocks their IP address after x failed attempts >>permanently.... > > > Has anyone found any good scripts or utilities for automating this kind > of thing? I too have been subject to these probings, and my initial > thought was to firewall off any address after any number of incorrect > attempts. > > While I could write a script to parse the ipfilter logs, I didn't want > to go re-inventing the wheel for something which I was sure someone > would have already attempted. > > Anyone have any suggestions? > > Cheers > Antony Is it actually good idea to block those IPs? I get lots of attacks too on daily basis on my machines for: root, man, smmsp, nobody, bin, daemon, tty, uucp, mailnull, you-name-it etc. For several weeks I sent e-mails to abuse@{$attack-comming-from-x-network}.{$domain} and 0.01% of them replied. However, the attacks never come from same networks nor IPs. My 2 cents. Cheers, Mikhail _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"