Date: Thu, 18 Sep 2008 08:19:40 -0500
From: eculp@casasponti.net
To: freebsd-questions@freebsd.org
Subject: Re: Auto blacklist ssh connections ...
Message-ID: <20080918081940.151830ffez6sh4mc@intranet.casasponti.net>
In-Reply-To: <20080918102206.GA87327@ozzmosis.com>
References: <14143EECEC1CC52A4BC39AC3@ganymede.hub.org> <EAB88E62-CB21-43FD-96F1-52BD59D918D6@comcast.net> <20080918102206.GA87327@ozzmosis.com>
Quoting andrew clarke <mail@ozzmosis.com>:

> On Wed 2008-09-17 19:36:02 UTC-0400, Tom Marchand
> (m0rchand@comcast.net) wrote:
>
>>> Does anyone know of a utility that I can use with sshd to auto-block
>>> by IP if there are more than N failed attempts in a row?
>
>> Why don't you have sshd listen on a different port?
>
> I imagine that on some hosts where there are multiple users/customers,
> moving sshd to another port isn't a practical solution due to people's
> habits in trying to connect to the default port. A human problem
> rather than a technical one.
>
> PS. Top posting is cruel.

I've been more or less watching this thread and haven't seen the use
of the ssh-bruteforce rules from the pf online howtos being
recommended. In my own case pf, in addition to a couple of other
changes, has worked well for us. In the other changes mentioned we
have also changed the ssh port, which doesn't add security but has
basically stopped logfiles full of dictionary attempts from what I
expect are Windows machines that have been violated and are being used
to find more.

I would highly recommend pf bruteforce rules or something similar with
other firewalls.

ed
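The pf rules ed refers to, shown here as an added example that is not part of the original message: a pf.conf fragment following the ssh brute-force pattern documented in the pf FAQ. The interface name ($ext_if = em0) and the thresholds (100 simultaneous connections, 15 new connections per 5 seconds) are assumed values, not taken from the thread.

```pf
# Added example (not from the original message): pf.conf fragment using the
# ssh brute-force pattern from the pf FAQ. The interface name and the two
# thresholds below are assumed values; tune them for the host in question.
ext_if = "em0"

# Table of offending source addresses. 'persist' keeps the table defined
# even while it is empty, so the rules referencing it stay loadable.
table <bruteforce> persist

# Drop all inbound traffic from any address already in the table.
block in quick from <bruteforce>

# Allow ssh, but track per-source connection counts and connection rates
# on the state created by the SYN. A source that exceeds either limit is
# added to <bruteforce>; 'flush global' also tears down every existing
# state from that source, not only its ssh states.
pass in on $ext_if proto tcp to $ext_if port ssh \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)
```

Two practical notes. Table entries never expire on their own, so a periodic job such as `pfctl -t bruteforce -T expire 86400` is needed to drop addresses older than 24 hours, and `pfctl -t bruteforce -T show` lists what has been caught. Also, these rules count TCP connections rather than failed logins, so a legitimate user who opens many ssh sessions in a short burst (for example from an automated script) can be blocked just like a dictionary attacker; the thresholds should be chosen with that in mind.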