I used to have problems with brute force attempts as well. I just
changed the port that SSH uses (TCP/IP port, not "ports collection"
port) and the problems have stopped. I made it something that means
something to me and maybe not others, so it's a simple and powerful way
of getting the job done.
-John
Chris Maness wrote:
> Jonathan Franks wrote:
>> On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
>>> In my auth log I see a lot of brute force attempts to login via
>>> ssh. Is there a way I can have the box automatically kill any
>>> tcp/ip connectivity to hosts that try and fail a given number of
>>> times? Is there a port or something that I can install to give
>>> this kind of protection? I'm still kind of a FreeBSD newbie.
>>
>> If you are using PF, you can use source tracking to drop the
>> offenders into a table... perhaps after a certain number of
>> attempts in a given time (say, 5 in a minute). Once you have the
>> table you're in business... you can block based on it... and then
>> set up a cron job to copy the table to disk every so often (perhaps
>> once every two minutes). It works very well for me, YMMV.
>> If you don't want to block permanently, you could use cron to flush
>> the table every so often too... I don't bother though.
>> -Jonathan
>
> I use a port called DenyHost. It adds an entry to hosts.allow that
> denies access.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
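
The PF source-tracking approach Jonathan describes above, written out as pf.conf rules with the matching cron entries; this is an added example, not configuration posted in the thread. The interface name em0, the table name ssh_abusers and the file path /var/db/ssh_abusers.txt are assumptions.

```pf
# /etc/pf.conf (added example; names and paths are assumptions)

ext_if = "em0"          # assumption: external interface

# Table of offending sources. "persist" keeps the table even when it is
# empty; "file" reloads the saved addresses when the ruleset is loaded.
# The file must exist before pf.conf is loaded:
#   touch /var/db/ssh_abusers.txt
table <ssh_abusers> persist file "/var/db/ssh_abusers.txt"

# Drop everything from sources already in the table. "quick" stops rule
# evaluation here so the pass rule below never sees them.
block in quick on $ext_if from <ssh_abusers>

# Allow SSH, tracking each source address. PF counts completed TCP
# connections, not failed logins: a source that opens more than
# 5 connections in 60 seconds is added to <ssh_abusers>, and
# "flush global" tears down all of its existing states.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <ssh_abusers> flush global)

# --- /etc/crontab entries (separate file, shown here as comments) ---
#
# Copy the table to disk every two minutes so it survives a reboot:
# */2 * * * * root /sbin/pfctl -t ssh_abusers -T show > /var/db/ssh_abusers.txt
#
# Optional: empty the table once a day instead of blocking permanently:
# 0 4 * * *   root /sbin/pfctl -t ssh_abusers -T flush
```

Because the limit applies to connection rate, a legitimate user who opens many SSH or scp sessions in quick succession from one address can land in the table too; `pfctl -t ssh_abusers -T delete <address>` removes a single entry.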