Date: Wed, 20 Sep 2006 07:45:43 +0200 From: peter@bgnett.no (Peter N. M. Hansteen) To: freebsd-questions@freebsd.org Subject: Re: sshd brute force attempts? Message-ID: <878xkff5vc.fsf@amidala.kakemonster.bsdly.net> In-Reply-To: <20060919165400.A4380@prime.gushi.org> (Dan Mahoney's message of "Tue, 19 Sep 2006 16:55:48 -0400 (EDT)") References: <20060919165400.A4380@prime.gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"Dan Mahoney, System Admin" <danm@prime.gushi.org> writes: > I've found a few things based on openBSD's pf, but that doesn't seem to be > the default in BSD either. Recent BSDs (all of them, FreeBSD 5.n/6.n included) have PF in the base system. 'overload' rules are fairly easy to set up, eg table <bruteforce> persist #Then somewhere fairly early in your rule set you set up to block from the bruteforcers block quick from <bruteforce> #And finally, your pass rule. pass inet proto tcp from any to $localnet port $tcp_services \ flags S/SA keep state \ (max-src-conn 100, max-src-conn-rate 15/5, \ overload <bruteforce> flush global) for more detailed discussion see eg http://www.bgnett.no/~peter/pf/en/bruteforce.html -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales" 20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?878xkff5vc.fsf>