Date: Wed, 20 Sep 2006 07:00:25 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: "Peter N. M. Hansteen" <peter@bgnett.no>
Cc: freebsd-questions@freebsd.org
Subject: Re: sshd brute force attempts?
Message-ID: <4510D8F9.6050504@infracaninophile.co.uk>
In-Reply-To: <878xkff5vc.fsf@amidala.kakemonster.bsdly.net>
References: <20060919165400.A4380@prime.gushi.org> <878xkff5vc.fsf@amidala.kakemonster.bsdly.net>
Peter N. M. Hansteen wrote:
> "Dan Mahoney, System Admin" <danm@prime.gushi.org> writes:
>
>> I've found a few things based on OpenBSD's pf, but that doesn't seem to be
>> the default in BSD either.
>
> Recent BSDs (all of them, FreeBSD 5.n/6.n included) have PF in the base system.
> 'overload' rules are fairly easy to set up, e.g.
>
> table <bruteforce> persist
>
> # Then somewhere fairly early in your rule set you set up to block from the bruteforcers
>
> block quick from <bruteforce>
>
> # And finally, your pass rule.
>
> pass inet proto tcp from any to $localnet port $tcp_services \
>     flags S/SA keep state \
>     (max-src-conn 100, max-src-conn-rate 15/5, \
>      overload <bruteforce> flush global)
>
> for more detailed discussion see e.g. http://www.bgnett.no/~peter/pf/en/bruteforce.html

The really nice thing about this pf-based technique is that it does not
need to scan log files (like most of the other brute force blockers).
So you can use it on a gateway firewall to protect a whole network of
machines behind it. Although in that case having a whitelist of IPs
that are always allowed to connect would be sensible.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
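The following pf.conf fragment is an added example, not code from either poster: it combines the overload rule quoted above with the whitelist Matthew suggests for a gateway deployment. The macro values ($ext_if, $localnet, $tcp_services), the table name <whitelist> and the file /etc/pf.whitelist are assumed placeholders.

```pf
# Added example (not from the thread). Macro values are constructed
# placeholders; adjust to the local network.
ext_if = "em0"
localnet = "192.0.2.0/24"          # documentation range, constructed
tcp_services = "{ ssh, https }"

# Sources that must never be locked out (management hosts, monitoring).
# Assumed file: one address or CIDR block per line.
table <whitelist> persist file "/etc/pf.whitelist"

# Offenders are inserted here by the overload clause of the pass rule.
table <bruteforce> persist

# 1. Whitelisted sources bypass the brute-force block entirely, so a
#    mistyped password from an admin host can never lock it out.
pass in quick on $ext_if inet proto tcp from <whitelist> \
    to $localnet port $tcp_services flags S/SA keep state

# 2. Sources already caught are dropped before any pass rule is evaluated.
block in quick on $ext_if from <bruteforce>

# 3. Everyone else is allowed, but more than 15 new connections within
#    5 seconds (or more than 100 concurrent states) from one source adds
#    that source to <bruteforce> and tears down all of its existing states.
pass in on $ext_if inet proto tcp from any to $localnet port $tcp_services \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)
```

Two operational points follow from this layout. Entries in <bruteforce> do not age out on their own, so a periodic `pfctl -t bruteforce -T expire 86400` (for example from cron) removes addresses that have been idle for a day, and `pfctl -t bruteforce -T show` lists what is currently blocked. Note also that `flush global` kills every state from the offending source, not only those to $tcp_services, which is the intended behaviour on a gateway but worth knowing when a shared NAT address trips the limit.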