Date: Wed, 12 Apr 2006 21:32:02 -0400
From: Ean Kingston <ean@istop.com>
To: freebsd-questions@freebsd.org
Subject: Re: How to Stop Bruit Force ssh Attempts?
Message-ID: <200604122132.02742.ean@istop.com>
In-Reply-To: <894280FF-CB83-4EEA-9CAD-422A34068354@taconic.net>
References: <441C45BA.1030106@chrismaness.com> <894280FF-CB83-4EEA-9CAD-422A34068354@taconic.net>
On Tuesday 11 April 2006 21:35, Jonathan Franks wrote:
> On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
> > In my auth log I see a lot of brute force attempts to login via
> > ssh. Is there a way I can have the box automatically kill any
> > tcp/ip connectivity to hosts that try and fail a given number of
> > times? Is there a port or something that I can install to give
> > this kind of protection? I'm still kind of a FreeBSD newbie.

I set up SSH to use public key authentication only. That way they can
hammer away at my ssh server till the cows come home and they will never
get in with a password. I also use tcpwrappers (built into ssh daemon)
for the particularly obnoxious ones.

> If you are using PF, you can use source tracking to drop the
> offenders into a table... perhaps after a certain number of attempts
> in a given time (say, 5 in a minute). Once you have the table you're
> in business... you can block based on it... and then set up a cron
> job to copy the table to disk every so often (perhaps once every two
> minutes). It works very well for me, YMMV.
>
> If you don't want to block permanently, you could use cron to flush
> the table every so often too... I don't bother though.
>
> -Jonathan

-- 
Ean Kingston, BSc, CISSP, ARO
Computer Security and Privacy Consulting
PGP KeyID: CBC5D6BB
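The two replies above describe configuration rather than showing it. The following POSIX shell script is an added example, not code from Ean, Jonathan or the FreeBSD project: it renders the sshd_config lines for key-only login, a tcpwrappers hosts.allow line for one source, the PF rules that track SSH connection rate per source and overload repeat offenders into a table that is blocked, and the cron lines that copy the table to disk and expire old entries. The interface name em0, the table name bruteforce, the file /var/db/pf-bruteforce, the placeholder address 203.0.113.7 and the one-day expiry are assumptions; the 5-in-a-minute threshold is Jonathan's figure.

```shell
#!/bin/sh
# Added example for the thread above; all names, paths and addresses below
# are assumed placeholders, not values taken from any poster's system.

# sshd_config lines for public-key-only logins. ChallengeResponseAuthentication
# must also be off, otherwise PAM can still present a password prompt.
sshd_keyonly_config() {
    cat <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
EOF
}

# /etc/hosts.allow line (tcpwrappers, compiled into FreeBSD's sshd) that
# refuses one particularly obnoxious source. $1 = address or network.
tcpwrappers_deny() {
    printf 'sshd : %s : deny\n' "$1"
}

# pf.conf fragment: new SSH connections from one source are counted; more
# than $2 of them within $3 seconds puts the source into table <$4>, whose
# members are blocked. The table is loaded from $5 at rule load time.
# $1 = external interface.
pf_bruteforce_rules() {
    ext_if=$1; max=$2; secs=$3; tbl=$4; file=$5
    cat <<EOF
table <$tbl> persist file "$file"
block in quick on $ext_if from <$tbl>
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \\
    (max-src-conn-rate $max/$secs, overload <$tbl> flush global)
EOF
}

# /etc/crontab lines: dump the table to disk every two minutes so it
# survives a reboot, and drop entries older than $3 seconds once an hour.
# $1 = table name, $2 = file the table persists in.
cron_persist_entries() {
    tbl=$1; file=$2; expire=$3
    cat <<EOF
*/2 * * * * root /sbin/pfctl -t $tbl -T show > $file
0 * * * * root /sbin/pfctl -t $tbl -T expire $expire
EOF
}

# Save the live table now; only does anything on a host that has pfctl.
# $1 = table name, $2 = destination file.
save_table_now() {
    command -v pfctl >/dev/null 2>&1 || return 1
    pfctl -t "$1" -T show > "$2"
}

# Usage: render every piece to stdout for review before installing.
sshd_keyonly_config
tcpwrappers_deny 203.0.113.7
pf_bruteforce_rules em0 5 60 bruteforce /var/db/pf-bruteforce
cron_persist_entries bruteforce /var/db/pf-bruteforce 86400
```

The `flush global` option kills the offender's existing states as well as adding it to the table, so a session already established by a guessed password does not survive the block; `persist` keeps the table defined even when it is empty, and the `file` keyword reloads the saved addresses with `pfctl -f /etc/pf.conf`. If you prefer Jonathan's "don't bother" approach, leave out the `expire` cron line.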
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604122132.02742.ean>