Date:      Thu, 21 Aug 2008 15:37:03 -0500
From:      Brooks Davis <brooks@freebsd.org>
To:        Rink Springer <rink@freebsd.org>
Cc:        Mikhail Teterin <mi+mill@aldan.algebra.com>, Jeremy Chadwick <koitsu@freebsd.org>, freebsd-stable@freebsd.org, freebsd-security@freebsd.org
Subject:   Re: machine hangs on occasion - correlated with ssh break-in attempts
Message-ID:  <20080821203703.GA47728@lor.one-eyed-alien.net>
In-Reply-To: <20080821201042.GA56182@rink.nu>
References:  <48ADA81E.7090106@aldan.algebra.com> <20080821200309.GA19634@eos.sc1.parodius.com> <20080821201042.GA56182@rink.nu>

On Thu, Aug 21, 2008 at 10:10:42PM +0200, Rink Springer wrote:
> On Thu, Aug 21, 2008 at 01:03:09PM -0700, Jeremy Chadwick wrote:
> > Finally, consider moving to pf instead, if you really feel ipfw is
> > what's causing your machine to crash.  You might be pleasantly surprised
> > by the syntax, and overall administrative usability (it is significantly
> > superior to ipfw, IMHO).
>
> In fact, pf can already do this out-of-the-box, by doing something like:
>
> table <sshlusers> persist
> pass quick on $wan_if proto tcp from any to any port ssh flags S/SA keep state \
>      (max-src-conn 15, max-src-conn-rate 5/3, overload <sshlusers> flush global)
>
> If that is not an option, I have found that security/denyhosts works
> pretty well too (it just adds IPs to /etc/hosts.deniedssh, and
> host_access(5) denies them based on this).

You almost certainly don't want to rate limit ssh connections, only failed
ones.  If you rate limit connections and use svn, you're likely to lock
yourself out.

-- Brooks
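
The distinction drawn in this message, as an added example that is not part of the original thread: count only failed sshd authentications per source in a sliding window, so a burst of successful connections (as svn over ssh produces) is never flagged. The thresholds, the helper names and the log lines are constructed assumptions; `sshlusers` is the table name from the quoted pf rule.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed thresholds (not from the thread): 5 failed logins within 60 seconds.
MAX_FAILURES, WINDOW_SECONDS = 5, 60

# Only failed authentications match; "Accepted ..." lines are never counted.
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ from (\S+)")
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")

def offenders(lines, year=2008):
    """Return sources with >= MAX_FAILURES failed logins inside one window."""
    recent = defaultdict(deque)          # source -> timestamps of recent failures
    flagged = []
    for line in lines:
        hit, stamp = FAILED.search(line), STAMP.match(line)
        if not (hit and stamp):
            continue                     # successful or unrelated line
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        src, q = hit.group(1), recent[hit.group(1)]
        q.append(when)
        while (when - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()                  # drop failures older than the window
        if len(q) >= MAX_FAILURES and src not in flagged:
            flagged.append(src)
    return flagged

def pfctl_commands(addresses, table="sshlusers"):
    """Render 'pfctl -t <table> -T add <addr>' lines for valid addresses only."""
    out = []
    for a in addresses:
        ipaddress.ip_address(a)          # raises ValueError on anything else
        out.append(f"pfctl -t {table} -T add {a}")
    return out

# Constructed sample: 8 successful logins in 8 s, 6 failures in 12 s, 2 typos.
SAMPLE = (
    [f"Aug 21 15:30:{s:02d} host sshd[{2000 + s}]: Accepted publickey for dev "
     f"from 198.51.100.7 port {50000 + s} ssh2" for s in range(8)]
    + [f"Aug 21 15:31:{2 * s:02d} host sshd[{3000 + s}]: Failed password for "
       f"invalid user admin from 192.0.2.10 port {40000 + s} ssh2" for s in range(6)]
    + [f"Aug 21 15:32:{s:02d} host sshd[{4000 + s}]: Failed password for dev "
       f"from 203.0.113.5 port {41000 + s} ssh2" for s in range(2)]
)

if __name__ == "__main__":
    print("\n".join(pfctl_commands(offenders(SAMPLE))))
```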

