Date:      Mon, 3 May 2010 13:42:02 -0300 (ADT)
From:      Andrew Wright <andrew@qemg.org>
To:        John <john@starfire.mn.org>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: pf suggestions for paced attack
Message-ID:  <alpine.BSF.2.00.1005031337560.1908@qemg.org>
In-Reply-To: <20100503144110.GA14402@elwood.starfire.mn.org>
References:  <20100503144110.GA14402@elwood.starfire.mn.org>

On Mon, 3 May 2010, John wrote:

> The script kiddies have apparently figured out that we use some
> time-window sensitivity in our adaptive filtering.  From sshd, I've

   [ ... deletia ... ]

> Anybody got any superior suggestions?

I've been running a script using tail -F to watch /var/log/auth.log
to count the total number of failures, and ix-nay anyone who reaches 10
fluffed attempts in 24 hours; this is managed by using pfctl to update
the relevant table.  It has worked pretty well for me over the last
three or so years, and is immune to the current longer timeouts
that you mention.

If anyone is interested, I can send (or I suppose post) the scripts.

Andrew
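
The approach described in the message above (count failed logins per address over 24 hours, block at 10, add the address to a pf table with pfctl), as an added example; it is not Andrew's script, which was not posted. The sshd log line format, the table name `bruteforce`, the `year` argument (syslog timestamps carry no year) and the sample addresses are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at end of line: the user name is attacker-controlled and may itself
# contain "from <addr> port <n>", so only the final occurrence is trusted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2\s*$")

def parse_failure(line, year):
    """Return (timestamp, address) for a failed-login line, else None."""
    m = FAILED.search(line)
    if not m:
        return None
    try:
        addr = str(ipaddress.ip_address(m.group(1)))  # reject non-addresses
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return ts, addr

def offenders(lines, year, threshold=10, window=timedelta(hours=24)):
    """Addresses with >= threshold failures inside any sliding window."""
    recent, blocked = defaultdict(deque), []
    for line in lines:
        hit = parse_failure(line, year)
        if hit is None:
            continue
        ts, addr = hit
        q = recent[addr]
        q.append(ts)
        while ts - q[0] >= window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and addr not in blocked:
            blocked.append(addr)
    return blocked

def pfctl_add(addr, table="bruteforce"):
    """argv that adds addr to a pf table; the table name is hypothetical."""
    return ["pfctl", "-t", table, "-T", "add", addr]

def sample(addr, count, gap_hours, user="root"):
    """Constructed auth.log lines: `count` failures spaced gap_hours apart."""
    t0 = datetime(2010, 5, 1)
    times = [t0 + timedelta(hours=gap_hours * i) for i in range(count)]
    return [f"{t:%b} {t.day:2d} {t:%H:%M:%S} host sshd[4321]: Failed password "
            f"for {user} from {addr} port 4242 ssh2" for t in times]
```

Ten failures paced two hours apart still fall inside one 24-hour window and are blocked, while ten spread over three days are not; the argv list from `pfctl_add` is meant to be passed to `subprocess.run` without a shell.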
