Hi there,

Possibly this question pops up regularly.  I have tried to find the answer 
myself and have been unable to so far.

My current way to drastically slow down ssh brute force attacks is by using the 
pf feature "max-src-conn-rate" with an argument of 5/60 meaning only 5 syn 
packets are allowed per source IP to my ssh port per minute.  The rest get 
dropped.  This works both for IPv4 and IPv6.  I typically don't login more than 
5 times per minute to my hosts.

I have tried several ways to get the same behaviour using ipfw and dummynet.  
But when combining the rules with keep-state I don't get to the point where I 
get wire-speed ssh connections for those that make it while keeping the number 
of new connections per source IP at a very low number (a few per minute).

Is there an equivalent in ipfw for the pf feature max-src-conn-rate?

Thank you very much in advance, please keep cc'ing me as I have not subscribed 
to the ipfw list yet.

Thanks!

Marco van Tol
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
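As an added illustration (not part of the original mail), this is what the pf configuration described above looks like, extended with an overload table so a source that exceeds 5 new connections per minute is blocked outright; the interface group `egress` and the table name are assumptions.

```pf
# Added example, not from the original mail. Assumes the SSH-facing
# interface belongs to the "egress" group; adjust to your setup.

# Persistent table collecting source addresses that exceeded the rate.
table <ssh_bruteforce> persist

# Drop anything from an already-flagged source before the pass rule is reached.
block in quick on egress from <ssh_bruteforce>

# Allow new SSH connections (no "inet"/"inet6" keyword, so IPv4 and IPv6
# are both covered) and track them per source address:
#   max-src-conn-rate 5/60    -> more than 5 new connections from one source
#                                within 60 seconds triggers the overload action
#   overload <ssh_bruteforce> -> add that source address to the table
#   flush global              -> also tear down the states that source already has
pass in quick on egress proto tcp to port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <ssh_bruteforce> flush global)
```

Flagged addresses can be aged out periodically with `pfctl -t ssh_bruteforce -T expire 86400`. Note that ipfw's `limit src-addr N` caps the number of concurrent dynamic states per source rather than the rate of new connections, which is why it does not reproduce this behaviour on its own.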
