Date: Sun, 02 Apr 2006 22:34:11 +0200
From: peter@bgnett.no (Peter N. M. Hansteen)
To: freebsd-questions@freebsd.org
Subject: Re: repeated ssh login attempts/failure/break-in attempts from kiddy script
Message-ID: <86acb3u37g.fsf@amidala.datadok.no>
In-Reply-To: <442D31C6.5050700@wmptl.com> (Nathan Vidican's message of "Fri, 31 Mar 2006 08:42:30 -0500")
References: <442D31C6.5050700@wmptl.com>

Nathan Vidican <nvidican@wmptl.com> writes:

> ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny
> all attempts and drop connection from said IP... possible?

using pf, this is astoundingly easy, see eg
http://www.bgnett.no/~peter/pf/en/bruteforce.html

If you go down this route, you might want to use expiretable
(/usr/ports/security/expiretable) to trim the contents of the table
after a while (I tend to use 24 hours expiry).

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds.
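
A pf.conf sketch of the approach the message points to, added here as an example and not taken from the original post or the linked tutorial. The interface name, the table name `bruteforce`, and the limits (4 connections per 300 seconds, 10 simultaneous connections) are assumptions chosen to mirror the question; pf counts completed TCP connections per source address, not failed logins.

```conf
# /etc/pf.conf fragment (added example; values are assumptions)

# Assumption: external interface name. Adjust to the host.
ext_if = "em0"

# Table that collects offending source addresses.
# "persist" keeps the table even when no rule references it.
table <bruteforce> persist

# Drop everything from addresses already in the table.
# "quick" stops rule evaluation, so later pass rules cannot override it.
block in quick on $ext_if from <bruteforce>

# Allow SSH, but track each source address:
#   max-src-conn 10        at most 10 simultaneous connections per source
#   max-src-conn-rate 4/300  at most 4 new connections per 300 seconds
#   overload <bruteforce>  put sources exceeding either limit in the table
#   flush global           kill all existing states from that source
# Caveat: a legitimate client opening more than 4 connections in
# 5 minutes (scripted scp, for instance) trips the same limit.
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 4/300, \
     overload <bruteforce> flush global)

# Operational notes (commands run from a shell or cron, not pf.conf):
#   pfctl -nf /etc/pf.conf          parse the ruleset without loading it
#   pfctl -t bruteforce -T show     list addresses currently blocked
#   pfctl -t bruteforce -T delete ADDRESS   release one address by hand
#   expiretable -t 24h bruteforce   drop entries older than 24 hours,
#                                   matching the expiry the message mentions
```

Load the ruleset with `pfctl -f /etc/pf.conf` only after the `-n` check passes, and keep a console session open while testing so a mistaken rule does not lock out remote access.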