This is an excerpt of my logwatch report from yesterday.
Note the line "root (61.8.206.67): 436 Time(s)"
sshd:
Invalid Users:
Unknown Account: 22 Time(s)
Authentication Failures:
unknown (s217-115-138-105.colo.hosteurope.de ): 6 Time(s)
unknown (61.8.206.67 ): 9 Time(s)
unknown (210.101.248.112 ): 6 Time(s)
unknown (216.195.44.86 ): 1 Time(s)
root (61.8.206.67 ): 436 Time(s)
root (s217-115-138-105.colo.hosteurope.de ): 3 Time(s)
root (210.101.248.112 ): 3 Time(s)
Is there a way to completely block access to the server from the offending
IP, let's say... after 3 authentication failures?
Pietu
___________________
Nolug mailing list
nolug@nolug.org
Received on 09/05/04
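
As an added example (not part of the original post), the following Python sketch totals the "Authentication Failures" lines of the logwatch excerpt above per source and lists every source that reached 3 failures. It works after the fact on the daily report rather than in real time. Assumptions: the function names are illustrative, the threshold of 3 is the figure from the question, and the printed rule assumes a Linux host that uses iptables.

```python
import ipaddress
import re
from collections import Counter

# Logwatch lines from the post above, embedded as sample input.
SAMPLE = """\
Authentication Failures:
unknown (s217-115-138-105.colo.hosteurope.de ): 6 Time(s)
unknown (61.8.206.67 ): 9 Time(s)
unknown (210.101.248.112 ): 6 Time(s)
unknown (216.195.44.86 ): 1 Time(s)
root (61.8.206.67 ): 436 Time(s)
root (s217-115-138-105.colo.hosteurope.de ): 3 Time(s)
root (210.101.248.112 ): 3 Time(s)
"""

# Matches "<account> (<source> ): <n> Time(s)"
LINE = re.compile(r"^\s*(\S+)\s+\(\s*(\S+?)\s*\):\s+(\d+)\s+Time\(s\)\s*$")

def failures_by_source(report):
    """Sum failure counts per source across all accounts (root, unknown, ...)."""
    totals = Counter()
    for line in report.splitlines():
        m = LINE.match(line)
        if m:
            totals[m.group(2)] += int(m.group(3))
    return totals

def over_threshold(report, threshold=3):
    """Return (ip_literals, hostnames) whose total failures reached threshold."""
    ips, names = [], []
    for source, count in failures_by_source(report).most_common():
        if count < threshold:
            continue
        try:
            ipaddress.ip_address(source)
            ips.append((source, count))
        except ValueError:
            # A reverse-DNS name is chosen by whoever controls the PTR record,
            # so it is listed for manual review instead of being blocked by name.
            names.append((source, count))
    return ips, names

if __name__ == "__main__":
    ips, names = over_threshold(SAMPLE)
    for ip, count in ips:
        # Assumption: the host filters with iptables.
        print(f"iptables -I INPUT -s {ip} -j DROP   # {count} failures")
    for name, count in names:
        print(f"# review before blocking: {name} ({count} failures)")
```
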