On Fri, 23 Sep 2005 11:40:36 -0700
"John Marten" <[EMAIL PROTECTED]> wrote:
> You know what i mean? Every day I get some script kiddie, or adult
> trying to guess usernames or passwords.
> I've installed the newest version of SSH, so i'm covered there. But I
> still get a dozen or 2 of the
> "sshd Invalid user somename from ###.##.##.###"
> "input_userauth_request: ivalid user somename"
> "Failed password for invalid user somename"
> "Recieved disconnect from ###.##.##.###"
> Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
> from ###.##.##.### to any flags S/SA'
> entry in my pf.conf file. But if I had do that for every hacker my
> pf.conf would be huge!
> There's got to be a better way, and I'm open to suggestions.
>
>
> John F. Marten III
>
> Information Technology Specialist
>
Use tables.
See:
http://www.section6.net/wiki/index.php/Thwarting_ssh_hackers_with_swatch_pf
--
Thordur I. <[EMAIL PROTECTED]>
Humppa!
