Date:      Tue, 24 Apr 2007 21:07:03 +0200
From:      Gergely CZUCZY <phoemix@harmless.hu>
To:        Andrei Kolu <antik@pcbsd.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: preventing ssh brute force attacks, swatch and users and table
Message-ID:  <20070424190702.GA91635@harmless.hu>
In-Reply-To: <200704242116.49805.antik@pcbsd.org>
References:  <00b701c7869a$795c0db0$0200a8c0@satellite> <200704242116.49805.antik@pcbsd.org>

On Tue, Apr 24, 2007 at 09:16:49PM +0300, Andrei Kolu wrote:
> On Tuesday 24 April 2007 21:00:41 Dave wrote:
> > Hello,
> >     I've got a machine running ssh and i'm trying to cut down on brute
> > force attacks on it. I'm running pf on a freebsd 6.2 box and have added in
> > swatch to try to curve these attacks. The problem is nothing is being added
> > to either the memory hackers table nor the ondisk copy of it. I know i'm
> > getting hits because i'm seeing entries in my auth.log like this:
> >
> > Apr 21 06:18:38 zeus sshd[10609]: Did not receive identification string
> > from 125.33.163.188
I've used a pf ruleset to block too intensive connect attempts to
my sshd, as it was documented in the OpenBSD FAQ. I block IPs
permanently, and if someone was blocked due to too intensive
ssh-ing, then the IP will absolutely be blocked, globally.
I auto-save this table, and it's an append-only one.

This is a really easy policy, works great.

Bye,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu

-- 
Weenies test. Geniuses solve problems that arise.
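
Added example, not part of the original message and not the poster's own ruleset: a pf.conf fragment for the kind of policy the reply describes (rate-limit connections to sshd, overload offenders into a table, block that table everywhere, keep the table on disk). The interface name, table name, file path and thresholds are assumptions chosen for illustration.

```conf
# pf.conf fragment (added example; all names and numbers are assumptions)
ext_if = "em0"                       # assumption: external interface

# Offender table. 'persist' keeps the table even when no rule refers
# to it; 'file' reloads the saved addresses every time the ruleset is
# loaded. The file must already exist (create it empty with touch).
table <ssh_abusers> persist file "/etc/pf.ssh_abusers"

# Global block: every protocol and port, and 'quick' stops rule
# evaluation so no later pass rule can let the address back in.
block in quick on $ext_if from <ssh_abusers>

# Per-source limits on sshd. A source that opens more than 3 new
# connections in 30 seconds, or holds more than 10 at once, is added
# to <ssh_abusers>; 'flush global' also kills all of its existing
# states. Only connections that completed the TCP handshake are
# counted, so a spoofed source address cannot get a third party added.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, \
     overload <ssh_abusers> flush global)

# Append-only save, e.g. hourly from root's crontab (one line).
# The current table is merged with the existing file, so an address
# is never dropped from disk even if the in-memory table is cleared:
#
# pfctl -t ssh_abusers -T show | awk '{print $1}' | sort -u - /etc/pf.ssh_abusers > /etc/pf.ssh_abusers.new && mv /etc/pf.ssh_abusers.new /etc/pf.ssh_abusers
```

Because nothing ever expires under this policy, an address added by mistake has to be removed by hand from both the table (`pfctl -t ssh_abusers -T delete <address>`) and the file.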
