David D.W. Downey wrote: >On Fri, 24 Sep 2004 23:49:09 +0200, Alex de Kruijff ><freebsd@akruijff.dds.nl> wrote: > > >>>Then you can still see the attempts (and thus log the IP information >>>for contacting the abuse@ for the responsible IP controller) while >>>limiting your log sizes. >>> >>> >>This only logs the first tree catches (when the log attribuut is set) >>per rule. You may want to set this a little higher like 100. >> >> >> > >while I agree my example of 3 was low (meant only to instruct) I would >say more along the lines of 25. if someone is hitting you 25 times in >a row and getting tagged by that rule, you can bet your butt it's not >a client of your's. > It is even simpler: Anybody trying to use root as user for ssh-login is not a customer of mine.... And if he has not figured out that he's doing something wrong after 3 tries, little chance that he is really just making a mistake. --WjW _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"