Date:      Tue, 11 Apr 2006 23:36:29 -0400
From:      Adam Stroud <adam@thegeeklord.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: bruteforce
Message-ID:  <443C75BD.6030801@thegeeklord.com>
In-Reply-To: <443BFB00.3090101@freebsdbrasil.com.br>
References:  <443B6FC8.8080503@egonflower.com>	<20060411170437.GD66947@dimma.mow.oilspace.com>	<1426257861.20060411192904@rulez.sk>	<5ad23a300604111049i49d93cf7g1238512e7d372210@mail.gmail.com> <443BFB00.3090101@freebsdbrasil.com.br>

I have been using pf (on an OpenBSD box) to automatically block 
offending IP addresses using pf and it seems to work well for me.  
Basically when an attacker tries to connect x number of times in y 
minutes, I have the firewall set up to block them automatically.

Works like a charm.
A

Patrick Tracanelli wrote:
> Jordan Sissel wrote:
>> On 4/11/06, Daniel Gerzo <danger@rulez.sk> wrote:
>>
>>> Hello Dmitriy,
>>>
>>> Tuesday, April 11, 2006, 7:04:37 PM, you typed the following:
>>>
>>>
>>>> On Tue, Apr 11, 2006 at 10:58:48AM +0200, Matteo 'egon' Baldi wrote:
>>>>
>>>>> Hi, I'm trying to find a solution to bruteforce attacks, mostly on port 22,
>>>>> without moving services on different ports.
>>>
>>>> try to use
>>>> /usr/ports/security/sshit
>>>
>>> maybe security/bruteforceblocker
>>
>>
>>
>> If you're looking for something with a more generalized approach, check out
>> sysutils/grok. It comes with examples that block brute force efforts, and
>> can do much more.
>
> Doesn't open sshd itself have a feature which blocks or imposes a delay 
> upon a number of failed logins from the same address?
>
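
A pf.conf fragment of the kind described at the top of this message (block a source after x connections in y minutes), added here as an example and not taken from the poster's own configuration. The interface name em0, the table names, the 5-connections-per-60-seconds limit and the 192.0.2.10 admin address are all assumptions.

```conf
# Example pf.conf fragment (constructed; adjust names and limits to your site).
ext_if = "em0"                        # assumed external interface

# Addresses that must never be locked out (constructed documentation address).
table <trusted> const { 192.0.2.10 }

# Filled automatically by the overload action below; "persist" keeps the
# table in existence even while it is empty.
table <bruteforce> persist

# Drop everything from sources that have already tripped the limit.
block in quick on $ext_if from <bruteforce>

# Trusted sources match here first and are never rate limited.
pass in quick on $ext_if proto tcp from <trusted> to any port ssh \
    flags S/SA keep state

# Everyone else: at most 10 simultaneous connections per source and at
# most 5 new connections per 60 seconds. A source that exceeds either
# limit is added to <bruteforce>, and "flush global" kills all of its
# existing states, not only the ones created by this rule.
pass in on $ext_if proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <bruteforce> flush global)
```

`pfctl -t bruteforce -T show` lists the addresses currently blocked. The limits count completed TCP connections rather than failed logins, so a legitimate user who opens many sessions quickly (scripted scp or rsync, for example) can trip them as well.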
