Date: Tue, 24 Apr 2007 21:16:49 +0300 From: Andrei Kolu <antik@pcbsd.org> To: freebsd-pf@freebsd.org Subject: Re: preventing ssh brute force attacks, swatch and users and table Message-ID: <200704242116.49805.antik@pcbsd.org> In-Reply-To: <00b701c7869a$795c0db0$0200a8c0@satellite> References: <00b701c7869a$795c0db0$0200a8c0@satellite>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 24 April 2007 21:00:41 Dave wrote: > Hello, > I've got a machine running ssh and i'm trying to cut down on brute > force attacks on it. I'm running pf on a freebsd 6.2 box and have added in > swatch to try to curve these attacks. The problem is nothing is being added > to either the memory hackers table nor the ondisk copy of it. I know i'm > getting hits because i'm seeing entries in my auth.log like this: > > Apr 21 06:18:38 zeus sshd[10609]: Did not receive identification string > from 125.33.163.188 I managed to cut down attacks and block ip-s with denyhosts: Port: denyhosts-2.6 Path: /usr/ports/security/denyhosts Info: Script to thwart ssh attacks Currently I block attackers for 10 minutes and then release IP- in case someone is using NAT and blocks all other users out of that network.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200704242116.49805.antik>