bill1282
Dec 15 2007, 10:25 AM
I been getting a lot of scans like this, Is this anything I need to worry about? How can I adjust BFD to ban these faster?
1525 events to the service sshd
/etc/apf/apf -d ns1.datavision.net.gr {bfd.sshd}
The following are event logs from ns1.datavision.net.gr on service sshd (all time stamps are GMT -0500):
Dec 15 11:08:37 secure sshd[14317]: reverse mapping checking getaddrinfo for ns1.datavision.net.gr failed - POSSIBLE BREAKIN ATTEMPT!
Thank you,
Bill
eth00
Dec 15 2007, 10:56 AM
BFD runs via a cronjob every 10 minutes, if you want can lower the time. Just be aware it can be pretty resource intensive if you run it frequently.
doc
Dec 17 2007, 02:24 PM
BFD is awesome. I get about 3 emails a day of people that are added to my firewall's deny list for trying to log into SSH.
secwrd
Dec 18 2007, 04:54 AM
Yeash BFD rules, bans IP's for massive spam too...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.