Note to LEAF users on ssh logins

George Georgalis george at galis.org
Thu Mar 3 08:16:59 PST 2005


On Thu, Mar 03, 2005 at 09:21:33AM -0500, Brian Reichert wrote:
>On Thu, Mar 03, 2005 at 03:14:41PM +0100, Simon 'corecode' Schubert wrote:
>> On 03.03.2005, at 14:35, Joerg Sonnenberger wrote:
>> >> * Detects failed ssh login attempts and maps out the originating IP
>> >> * using IPFW.
>> >Someone wants to write a nice PF version? It should just add the IP to
>> >a table :)
>> 
>> collaborative ssh scan firewalling with a distributed database? *ducks*
>
>I've heard assertions that the DROP list is good for cutting down
>on 'improper' web/ssh connections.  I haven't correlated with my
>own logs, so I can't offer more details:
>
>  <http://www.spamhaus.org/drop/index.lasso>

forgot to mention,

the bogons list from completewhois should be useful too
http://completewhois.net/bogons/index.htm

I've never applied it though...

// George


-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at xxxxxxxxx





More information about the Users mailing list