Re: SSH hack attempts - bad?

Gary Thornock gthornock at yahoo.com
Wed Apr 12 00:00:19 MDT 2006


So far, I've just added the offending hosts to a table in
/etc/pf.conf and denied them access to all ports, something like:

#####
table <badssh> { \
  24.222.2.26, 24.232.121.93, 24.48.67.72, 61.206.117.59,       \
  61.63.10.210, 61.71.120.170, 62.112.223.131, 64.251.27.173,   \
  64.58.235.163, 64.71.150.51, 66.120.42.38, 66.146.155.143,    \
  # several rows trimmed for brevity
  221.232.160.115, 221.6.69.10                                  \
}

# snip a few other pf rules

block in quick on $ext_if from <badssh>
#####

This has been very effective.  I rarely need to add an additional
host to the deny table.  Something similar would doubtless work in
iptables, too, if that's your preference.

Denyhosts looks like an interesting alternative, though.  I think
I'll try it out :)




More information about the PLUG mailing list
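
One way to generate the `<badssh>` entries instead of adding them by hand, as an added example that is not part of the original post: it counts failed sshd password attempts per source address and emits one address per line, a format pf can load with `table <badssh> persist file "/etc/badssh"`. The log lines are constructed, and the threshold, the allowlisted network and the file path are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Anchored at end of line so text inside the attempted user name
# cannot be mistaken for the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

THRESHOLD = 3                                      # assumed cut-off
ALLOW = [ipaddress.ip_network("198.51.100.0/24")]  # assumed admin network, never blocked

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Apr 11 23:10:01 host sshd[811]: Failed password for root from 203.0.113.5 port 4101 ssh2
Apr 11 23:10:03 host sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2
Apr 11 23:10:07 host sshd[814]: Failed password for invalid user oracle from 203.0.113.5 port 4104 ssh2
Apr 11 23:11:40 host sshd[820]: Failed password for alice from 198.51.100.7 port 5022 ssh2
Apr 11 23:11:44 host sshd[820]: Failed password for alice from 198.51.100.7 port 5022 ssh2
Apr 11 23:11:48 host sshd[820]: Failed password for alice from 198.51.100.7 port 5022 ssh2
Apr 11 23:11:52 host sshd[820]: Accepted password for alice from 198.51.100.7 port 5022 ssh2
Apr 11 23:12:00 host sshd[830]: Failed password for invalid user x from 192.0.2.200 from 192.0.2.9 port 40022 ssh2
"""

def count_failures(lines):
    """Count failed password attempts per source IP address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal address: keep it out of the table file
        counts[addr] += 1
    return counts

def offenders(counts, threshold=THRESHOLD, allow=ALLOW):
    """Addresses at or over the threshold, minus anything allowlisted."""
    bad = [a for a, n in counts.items()
           if n >= threshold and not any(a in net for net in allow)]
    return sorted(bad, key=lambda a: (a.version, int(a)))

def table_file(addrs):
    """One address per line, as read by a pf 'table ... file' directive."""
    return "".join(f"{a}\n" for a in addrs)

if __name__ == "__main__":
    print(table_file(offenders(count_failures(SAMPLE_LOG.splitlines()))), end="")
```

After the file is rewritten, `pfctl -t badssh -T replace -f /etc/badssh` reloads the table without touching the rest of the ruleset.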