From: Randy Ramsdell <rramsdell@livedatagroup.com>
To: freebsd-questions@freebsd.org
Date: Tue, 06 May 2008 13:57:19 -0400
Message-ID: <48209BFF.6090607@livedatagroup.com>
In-Reply-To: <20080506173912.GB85015@Grumpy.DynDNS.org>
References: <200805060931.18936.beech@freebsd.org> <20080506173912.GB85015@Grumpy.DynDNS.org>
Subject: Re: [SSHd] Increasing wait time?
David Kelly wrote:
> On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
>
>>> Is there a way to configure SSHd, so that the wait time between
>>> login attempts increases after X failed tries?
>>>
>> Not that I know of. You should look into denyhosts (in the ports); it
>> works well and even has an RBL feature to block some of these script
>> kiddies proactively. Unfortunately, these attempts have become a fact
>> of life. I probably get 20 - 30 attempts a day between my various
>> servers.
>>
>
> Depending on how you use ssh from external systems you could add
> firewall rules to disallow all but known sources.
>

I used portsentry several years ago which is a realtime portscan blocker.
It would trigger on this type of ssh portscan for sure. One problem is
that it blocks using firewall rules, hosts.deny etc... and would have to
be actively maintained. Meaning: I cleaned these entries once a week. I
am not sure it is ported to BSD either.
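The two mitigations discussed in this thread (count failed logins per source and block the offenders, as denyhosts does; and exempt known-good sources, as the firewall suggestion does) plus the original question's increasing wait time can be shown together in a few lines. The following is an added example written for this archive page; it is not code from the thread, from denyhosts or from portsentry. The log lines are constructed samples in OpenSSH's standard syslog format ("Failed password for ... from IP port N ssh2" and "Invalid user ... from IP"); the threshold, the allowlist and the doubling backoff schedule are assumptions chosen for illustration, not values any of those tools use.

```python
import re
from collections import defaultdict

# Constructed sample of sshd syslog output (documentation-range addresses,
# not real traffic). One noisy source, one legitimate admin host with a
# single typo, and one source that only probed an invalid account.
SAMPLE_LOG = """\
May  6 13:40:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50211 ssh2
May  6 13:40:03 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 50212 ssh2
May  6 13:40:05 host sshd[1205]: Failed password for root from 203.0.113.5 port 50213 ssh2
May  6 13:40:07 host sshd[1207]: Failed password for root from 203.0.113.5 port 50214 ssh2
May  6 13:40:09 host sshd[1209]: Failed password for invalid user test from 203.0.113.5 port 50215 ssh2
May  6 13:41:00 host sshd[1221]: Failed password for rramsdell from 192.0.2.10 port 40001 ssh2
May  6 13:41:20 host sshd[1222]: Accepted publickey for rramsdell from 192.0.2.10 port 40002 ssh2
May  6 13:42:00 host sshd[1230]: Invalid user oracle from 198.51.100.7
"""

# Matches the two sshd messages that signal a failed or bogus login and
# captures the source address. "Accepted ..." lines deliberately do not match.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user) .*?from (\d+\.\d+\.\d+\.\d+)"
)


def failed_attempts(log_text):
    """Return {source_ip: number of failed/invalid login attempts}."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def sources_to_block(counts, threshold=5, allowlist=frozenset()):
    """Sources at or above the threshold, minus known-good hosts.

    The allowlist plays the role of the "known sources" firewall exemption
    from the thread: an admin mistyping a password must never lock out the
    admin's own host (assumed policy, not a tool default).
    """
    return {ip for ip, n in counts.items() if n >= threshold and ip not in allowlist}


def backoff_delay(attempts, base=2.0, cap=300.0):
    """Seconds to delay the next login attempt from a source.

    Doubling per failure, capped: a hypothetical schedule answering the
    original question ("wait time increases after X failed tries").
    """
    if attempts <= 0:
        return 0.0
    return min(cap, base * 2 ** (attempts - 1))


def pf_table_lines(blocked):
    """Render the block set as the contents of a pf table file, one IP per line."""
    return "\n".join(sorted(blocked)) + ("\n" if blocked else "")


if __name__ == "__main__":
    counts = failed_attempts(SAMPLE_LOG)
    for ip, n in sorted(counts.items()):
        print(f"{ip:15} failures={n} next_delay={backoff_delay(n):.0f}s")
    blocked = sources_to_block(counts, threshold=5, allowlist={"192.0.2.10"})
    print("block table:\n" + pf_table_lines(blocked), end="")
```

Run over the constructed log this flags only 203.0.113.5; the admin host 192.0.2.10 stays exempt however low the threshold is set, and the single probe from 198.51.100.7 is recorded but sits below the threshold. The pf table output is meant to be loaded into a table that a block rule references, which is the part portsentry-style tools automate and that, as the reply notes, still needs periodic expiry of stale entries.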