Date: Wed, 15 Nov 2006 00:22:09 +0100 From: Erik Norgaard <norgaard@locolomo.org> To: "Peter N. M. Hansteen" <peter@bgnett.no> Cc: freebsd-questions@freebsd.org Subject: Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong? Message-ID: <455A4FA1.5010601@locolomo.org> In-Reply-To: <8764di7a2r.fsf@thingy.datadok.no> References: <4558D2A3.50904@locolomo.org> <8764di7a2r.fsf@thingy.datadok.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter N. M. Hansteen wrote: > Erik Norgaard <norgaard@locolomo.org> writes: > >> Honestly, I wouldn't worry about it: review your config and make some >> simple choices to reduce the noise, see this article: > > One other noise reduction method which is really easy to implement is > to use pf and write arule set which to uses the overload feature, see > eg http://home.nuug.no/~peter/pf/en/bruteforce.html (part of my > EuroBSDCon and other places tutorial). > > See http://home.nuug.no/~peter/pf/ for a choice of formats and languages. > Neat! Thanks, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?455A4FA1.5010601>