Date:      Mon, 15 May 2006 18:54:40 -0700
From:      Lyndon Nerenberg <lyndon@orthanc.ca>
To:        freebsd-pf@freebsd.org
Subject:   Re: promt solution with max-src-conn-rate
Message-ID:  <340DFC1B-2620-4997-B495-67FA88F8662F@orthanc.ca>
In-Reply-To: <d5992baf0605151829t34fc8a90kec1b7212544f4423@mail.gmail.com>
References:  <44680266.2090007@azimut-tour.ru> <446873D3.7090703@azimut-tour.ru> <55e8a96c0605150907k49af4454t5d0431ea036e11bc@mail.gmail.com> <200605151823.17265.viktor.vasilev@stud.tu-darmstadt.de> <fee88ee40605151617x75001284x54b9f33f89b7c339@mail.gmail.com> <55278.192.168.4.1.1147735542.squirrel@mail.abi01.homeunix.org> <d5992baf0605151829t34fc8a90kec1b7212544f4423@mail.gmail.com>


On May 15, 2006, at 6:29 PM, Scott Ullrich wrote:

>> You have to be aware that this otoh might open you to DoS attacks.
>> People spoofing connections from your address will lock you out from
>> your own server.
>
> An alternative is available for PF that monitors the ssh syslog.
>
> Take a look at:
> http://pfsense.com/cgi-bin/cvsweb.cgi/tools/pfPorts/sshlockout_pf/files/sshlockout_pf.c?rev=1.1

/usr/ports/security/bruteforceblocker also filters based on syslog
data; it lets you configure IP addresses that will never be blocked,
so you can prevent this sort of DoS attack.

--lyndon
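A pf.conf fragment, added here as an illustration and not posted by anyone in the thread, that applies max-src-conn-rate to SSH but lets a table of trusted addresses (assumed example values) bypass the overload block, so the lockout scenario quoted above cannot affect those hosts:

```pf
# Added example, not from the thread. Interface and addresses are assumed;
# replace them with your own uplink and management hosts.
ext_if = "em0"

# Addresses that must never be locked out, even if spoofed SYNs carrying
# these sources were to land them in <bruteforce>.
table <trusted> const { 192.0.2.10, 198.51.100.0/24 }
table <bruteforce> persist

# pf evaluates rules last-match unless 'quick': trusted sources are
# decided here and never reach the block rule below.
pass in quick on $ext_if proto tcp from <trusted> to ($ext_if) port ssh \
    flags S/SA keep state

# Sources the overload mechanism has collected are dropped.
block in quick on $ext_if proto tcp from <bruteforce> to ($ext_if) port ssh

# Everyone else: more than 3 new connections in 30 seconds puts the source
# into <bruteforce>; 'flush global' also tears down that source's existing
# states so an in-progress brute force is cut off, not just future attempts.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 3/30, overload <bruteforce> flush global)
```

Entries added by overload stay until removed; a periodic `pfctl -t bruteforce -T expire 86400` drops sources that have been quiet for a day.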
