From owner-freebsd-questions@FreeBSD.ORG  Fri Jan  1 20:37:39 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 46E17106568F
	for <freebsd-questions@freebsd.org>;
	Fri,  1 Jan 2010 20:37:39 +0000 (UTC)
	(envelope-from j65nko@gmail.com)
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.25])
	by mx1.freebsd.org (Postfix) with ESMTP id DC0AE8FC12
	for <freebsd-questions@freebsd.org>;
	Fri,  1 Jan 2010 20:37:38 +0000 (UTC)
Received: by ey-out-2122.google.com with SMTP id 9so2309421eyd.3
	for <freebsd-questions@freebsd.org>;
	Fri, 01 Jan 2010 12:37:30 -0800 (PST)
MIME-Version: 1.0
Received: by 10.213.51.10 with SMTP id b10mr10496200ebg.74.1262376454349; Fri, 
	01 Jan 2010 12:07:34 -0800 (PST)
In-Reply-To: <4B3E2C0F.4060408@unsane.co.uk>
References: <4B3E0D11.1080101@pdconsec.net> <4B3E0FBD.2010605@sbcglobal.net>
	<4B3E1295.9050902@pdconsec.net> <4B3E2C0F.4060408@unsane.co.uk>
Date: Fri, 1 Jan 2010 21:07:34 +0100
Message-ID: <19861fba1001011207v5528665ct7c58db87031de947@mail.gmail.com>
From: J65nko <j65nko@gmail.com>
To: David Rawling <djr@pdconsec.net>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org>
Subject: Re: Blocking a slow-burning SSH bruteforce
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jan 2010 20:37:39 -0000

After some posts a discussion on the freebsd-table mailing list goes into
several approaches to deal with these SSH probes.

See http://lists.freebsd.org/pipermail/freebsd-stable/2009-December/053326.html

You still could allow outgoing ssh traffic on port 22 and allow
incoming SSH on another port.

Adriaan