Date: Sun, 20 Aug 2006 14:50:08 +0200
From: Pieter de Boer <pieter@thedarkside.nl>
To: freebsd-security@freebsd.org
Subject: Re: SSH scans vs connection ratelimiting
Message-ID: <44E85A80.3000608@thedarkside.nl>
In-Reply-To: <20060819142846.N45201@orthanc.ca>
References: <44E76B21.8000409@thedarkside.nl> <20060819142846.N45201@orthanc.ca>

Lyndon Nerenberg wrote:
> Take a look at /usr/ports/security/bruteforceblocker. It monitors the
> system log for failed ssh logins, and blocks the sites via pf. It's
> reasonably configurable, and works very well. I've been running it for
> months without trouble.

I've written a similar script which worked okay for the most part.
Probably not as fancy, but a la. Point is, I'd prefer to:

1) Know why the attack still works although I'm ratelimiting to 3
   connections per minute and MaxAuthTries is set to 3 (but if it was
   still the default value 6, it should've triggered, too)
2) Fix it at the root cause, probably OpenSSH?

--
Pieter