Date: Tue, 11 Apr 2006 23:33:13 -0400
From: Adam Stroud <adam@thegeeklord.com>
To: Jonathan Franks <daemon@taconic.net>
Cc: Chris Maness <chris@chrismaness.com>, freebsd-questions@freebsd.org
Subject: Re: How to Stop Bruit Force ssh Attempts?
Message-ID: <443C74F9.4050404@thegeeklord.com>
In-Reply-To: <894280FF-CB83-4EEA-9CAD-422A34068354@taconic.net>
References: <441C45BA.1030106@chrismaness.com> <894280FF-CB83-4EEA-9CAD-422A34068354@taconic.net>

I second that. I have been doing the same thing (except running an
OpenBSD firewall that blocks the offenders via pf) and it works like a
charm.

A

Jonathan Franks wrote:
>
> On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
>
>> In my auth log I see a lot of brute force attempts to login via ssh.
>> Is there a way I can have the box automatically kill any tcp/ip
>> connectivity to hosts that try and fail a given number of times? Is
>> there a port or something that I can install to give this kind of
>> protection. I'm still kind of a FreeBSD newbie.
>
> If you are using PF, you can use source tracking to drop the offenders
> into a table... perhaps after a certain number of attempts in a given
> time (say, 5 in a minute). Once you have the table you're in
> business... you can block based on it... and then set up a cron job to
> copy the table to disk every so often (perhaps once every two
> minutes). It works very well for me, YMMV.
>
> If you don't want to block permanently, you could use cron to flush
> the table every so often too... I don't bother though.
>
> -Jonathan
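
The setup described in the quoted reply (source tracking into a table, 5 connections in a minute, a cron job to save the table, an optional cron flush), written out as a pf.conf fragment. This is an added example, not configuration posted by anyone in the thread; the interface name, table name, file path and cron times are assumptions.

```conf
# /etc/pf.conf fragment (added example, not from the thread)
ext_if = "em0"        # assumed external interface name

# Table of offending sources (table name and file path are assumptions).
# "persist" keeps the table even when no rule references it; "file"
# reloads the saved addresses whenever the ruleset is loaded. Create the
# file once (touch /etc/pf.ssh_abuse) or the ruleset will fail to load.
table <ssh_abuse> persist file "/etc/pf.ssh_abuse"

# Drop all traffic from listed sources. "quick" ends rule evaluation here,
# so the pass rule below never sees a blocked address.
block in quick on $ext_if from <ssh_abuse>

# Allow SSH with per-source tracking: a source that opens more than
# 5 connections within 60 seconds is added to <ssh_abuse>, and
# "flush global" kills every state that source already holds.
# Note: this counts completed TCP connections, not failed logins, so a
# legitimate script that reconnects rapidly will trip it too.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <ssh_abuse> flush global)

# root crontab entries matching the description in the thread:
#
# copy the table to disk every two minutes so it survives a reboot
#   */2 * * * *  /sbin/pfctl -t ssh_abuse -T show > /etc/pf.ssh_abuse
#
# optional, if blocks should not be permanent: empty the table daily
#   0 4 * * *    /sbin/pfctl -t ssh_abuse -T flush
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and list the current offenders with `pfctl -t ssh_abuse -T show`.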