Date:      Tue, 24 Jan 2006 23:40:03 +0100
From:      "Ilias Sachpazidis" <isachpaz@igd.fhg.de>
To:        <freebsd-questions@freebsd.org>
Cc:        'Dan O'Connor' <dan@ferrarishields.com>
Subject:   RE: auth.log & intruder prevention
Message-ID:  <000401c62137$1e730490$050a0a0a@hermes>
In-Reply-To: <003401c6212d$2fe157e0$0599460a@dan>

We are talking about a few users and nobody has a permanent IP. 

-IS


-----Original Message-----
From: Dan O'Connor [mailto:dan@ferrarishields.com] 
Sent: Tuesday, 24 January 2006 22:29
To: Ilias.Sachpazidis@igd.fraunhofer.de
Subject: Re: auth.log & intruder prevention

> I am wondering if any script is available to prevent hundreds of
> attempts on port 22 from external IPs that are constantly checking
> user & passwords on my FreeBSD PCs.

I can't help you with a greylist solution, but how many users do you 
have that ssh in from the outside?

If you don't have too many, and they come from stable IP addresses, you 
could always set up firewall rules to allow specific connections and 
block other attempts to connect to port 22:

    # My Trusted SSH Sites
    dan="123.45.67.89"
    jim="234.56.78.90"
    . . .

    # SSH Login - Allow only trusted incoming on outside interface
    # (${fwcmd} is the ipfw command and ${oif} the outside interface,
    # following /etc/rc.firewall conventions; "setup" matches only the
    # connection-opening SYN, so established sessions are not affected)
    ${fwcmd} add pass log tcp from ${dan} to any 22 in via ${oif} setup
    ${fwcmd} add pass log tcp from ${jim} to any 22 in via ${oif} setup
    . . .
    # Any other attempt to open a connection to port 22 is dropped and logged
    ${fwcmd} add deny log tcp from any to any 22 in via ${oif} setup

~Dan

--
FreeBSD Cheat Sheets
   http://www.mostgraveconcern.com/freebsd/ 
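Dan's allow-list works when the trusted users have fixed addresses; Ilias's reply points out that his users do not, which is the case the original question about auth.log was aiming at. The script below is an added example, not code from either poster or from FreeBSD: it counts "Failed password" lines from sshd in auth.log per source address and emits ipfw deny rules, in the same shape as the rules above, for addresses that cross a threshold. The ${fwcmd} and ${oif} values, the threshold, the sample log lines and the hostname "hermes" are all assumptions constructed for the example; the matched log format is OpenSSH's "Failed password for ... from A.B.C.D port N" line, which older versions print with "illegal user" and newer ones with "invalid user" (both are matched).

```shell
#!/bin/sh
# Added example (not from the thread): summarise failed SSH logins in
# auth.log per source address and print ipfw deny rules for the worst
# offenders on port 22, in the style of the rc.firewall snippet above.
# Assumptions: ipfw is the firewall, fwcmd/oif follow rc.firewall
# conventions, and sshd logs the OpenSSH "Failed password for ... from IP" line.

fwcmd="/sbin/ipfw"
oif="em0"            # placeholder outside interface; substitute your own
threshold=5          # deny after this many failures from one address

# Constructed sample auth.log lines (not real log data).
sample_log() {
    cat <<'EOF'
Jan 24 22:01:05 hermes sshd[1201]: Failed password for illegal user admin from 192.0.2.10 port 4022 ssh2
Jan 24 22:01:07 hermes sshd[1203]: Failed password for illegal user test from 192.0.2.10 port 4023 ssh2
Jan 24 22:01:09 hermes sshd[1205]: Failed password for root from 192.0.2.10 port 4024 ssh2
Jan 24 22:01:11 hermes sshd[1207]: Failed password for invalid user oracle from 192.0.2.10 port 4025 ssh2
Jan 24 22:01:13 hermes sshd[1209]: Failed password for invalid user guest from 192.0.2.10 port 4026 ssh2
Jan 24 22:01:15 hermes sshd[1211]: Failed password for invalid user www from 192.0.2.10 port 4027 ssh2
Jan 24 22:03:40 hermes sshd[1230]: Failed password for ilias from 198.51.100.7 port 50123 ssh2
Jan 24 22:03:52 hermes sshd[1230]: Accepted password for ilias from 198.51.100.7 port 50123 ssh2
EOF
}

# count_failures: read sshd lines on stdin, print "count ip" per source
# address, most failures first. Only "Failed password" lines are counted;
# the address is the word after "from".
count_failures() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# offenders: print only the addresses with at least $1 failures.
offenders() {
    limit=$1
    count_failures | awk -v lim="$limit" '$1 >= lim { print $2 }'
}

# deny_rules: turn an address list on stdin into ipfw deny rules for
# port 22 on the outside interface, one per address.
deny_rules() {
    while read -r ip; do
        printf '%s add deny log tcp from %s to any 22 in via %s setup\n' \
            "$fwcmd" "$ip" "$oif"
    done
}

# Usage: review the printed rules, then pipe them to sh to install them.
#   sample_log | offenders "$threshold" | deny_rules
# On a real host replace sample_log with: cat /var/log/auth.log
```

The deny rules only make sense if they are inserted before the rule that passes SSH traffic, since ipfw stops at the first match; on a live system an ipfw table (one `deny` rule referencing the table, addresses added with `ipfw table N add`) avoids re-numbering rules every time the list changes. Note that a legitimate user who mistypes a password repeatedly from a dynamic address will be counted too, so the threshold and any expiry of the list need tuning for the actual user population.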