From owner-freebsd-questions@FreeBSD.ORG  Wed Mar 27 00:38:13 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 0A319D4E
 for <freebsd-questions@freebsd.org>; Wed, 27 Mar 2013 00:38:13 +0000 (UTC)
 (envelope-from danny@clari.net.au)
Received: from fallbackmx07.syd.optusnet.com.au
 (fallbackmx07.syd.optusnet.com.au [211.29.132.9])
 by mx1.freebsd.org (Postfix) with ESMTP id 850341C1
 for <freebsd-questions@freebsd.org>; Wed, 27 Mar 2013 00:38:12 +0000 (UTC)
Received: from mail09.syd.optusnet.com.au (mail09.syd.optusnet.com.au
 [211.29.132.190])
 by fallbackmx07.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id
 r2R0c4XA015342
 for <freebsd-questions@freebsd.org>; Wed, 27 Mar 2013 11:38:04 +1100
Received: from [192.168.100.102] (c114-76-1-137.eburwd4.vic.optusnet.com.au
 [114.76.1.137])
 by mail09.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id r2R0buCX023531
 for <freebsd-questions@freebsd.org>; Wed, 27 Mar 2013 11:37:57 +1100
Message-ID: <51523F50.3040205@clari.net.au>
Date: Wed, 27 Mar 2013 11:37:36 +1100
From: "Daniel O'Callaghan" <danny@clari.net.au>
User-Agent: Mozilla/5.0 (Windows NT 6.0;
 rv:17.0) Gecko/20130307 Thunderbird/17.0.4
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Subject: Re: Client Authentication
References: <B2DC7342-9F1A-489A-94F0-49802B1E5DF6@lafn.org>
 <20130326171812.GA20118@shellx.eskimo.com> <51521995.5080203@clari.net.au>
 <op.wukulmoxg7njmm@michael-think>
In-Reply-To: <op.wukulmoxg7njmm@michael-think>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Optus-CM-Score: 0
X-Optus-CM-Analysis: v=2.0 cv=F68P7ddN c=1 sm=1 a=rXgAR6YtUHgA:10
 a=8nJEP1OIZ-IA:10 a=ejE0-8HIAAAA:8 a=A9Znw9LtFpAA:10
 a=03M6G5plXHdVPKMoUrMA:9 a=wPNLvfGTeEIA:10 a=+rVrtY7z3DVyADW7HUk29Q==:117
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2013 00:38:13 -0000

On 27/03/2013 10:37 AM, Michael Ross wrote:
>> I'm happy to share a program I wrote which slows down the brute force 
>> attackers.
>> It simply counts the SYN packets from a given IP and limits the rate 
>> per minute by dropping the packet if they are coming too fast.
>>
>> Uses ipfw divert sockets, so would work if you prefer ipfw over pf.
>
> Me Me Me! ...ahem.
> I do prefer IPFW over PF and would very much like to try it out,
> so please do share. 
OK, here 'tis

https://secure.clari.net.au/ratelimit2.tgz

Danny