Damn you, seconds ahead of my reply with the same info :)

On 11 Jan 2008, at 09:24, Lars Noodin wrote:

Kennith Mann III wrote:
...
While moving the SSH port doesn't help much against anyone running an
nmap scan, it stops blind port 22 scans that run generic password
hacks and fill your logs with crap.

Overloads help a bit:

        # table that collects the offenders; block them before the pass rule
        table <bruteforce> persist
        block in quick on $ext_if from <bruteforce>
        # at most 4 states per source, no more than 2 new connections per minute;
        # a source exceeding either is added to <bruteforce> and all its states flushed
        pass in on $ext_if proto tcp to ($ext_if) port ssh \
            flags S/SA keep state (max-src-conn 4, \
            max-src-conn-rate 2/60, overload <bruteforce> \
            flush global)

Regarding the logs, one thing that worked in the past was giving the
netblock owner a hard time.  It's their responsibility.  It's not too
hard to make up a shellscript (or use another scripting language) which
automates a daily report and the complaint.

Regards,
-Lars
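The daily report and complaint script Lars describes, as an added example that is not from the thread: it aggregates OpenSSH "Failed password" lines per source and renders one complaint per offender, leaving the abuse address to be filled in from whois (the log sample is constructed, with documentation-range addresses).

```shell
#!/bin/sh
# Constructed sshd auth-log sample (documentation-range addresses, not real hosts).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Jan 11 03:12:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 41022 ssh2
Jan 11 03:12:04 gw sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 41031 ssh2
Jan 11 03:12:09 gw sshd[1207]: Failed password for root from 203.0.113.7 port 41044 ssh2
Jan 11 04:40:11 gw sshd[1340]: Failed password for invalid user test from 198.51.100.23 port 55012 ssh2
Jan 11 05:00:02 gw sshd[1402]: Accepted publickey for lars from 192.0.2.10 port 50110 ssh2
EOF

# One line per source with at least $2 (default 3) failed passwords in log $1:
#   <count> <ip> <first seen> <last seen>    busiest source first
failed_logins_report() {
    awk -v thr="${2:-3}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            ts = $1 " " $2 " " $3
            if (!(ip in n)) first[ip] = ts
            n[ip]++; last[ip] = ts
        }
        END {
            for (ip in n) if (n[ip] >= thr)
                printf "%d %s %s %s\n", n[ip], ip, first[ip], last[ip]
        }' "$1" | sort -rn
}

# Render one report line ($2) from log $1 as the complaint to the netblock owner.
# The abuse address is a placeholder for the operator to fill in from whois.
complaint_for() {
    log=$1
    set -- $2   # count ip mon day time mon day time
    printf 'To: <abuse contact for %s, from whois>\n' "$2"
    printf 'Subject: SSH password guessing from %s\n\n' "$2"
    printf '%s failed SSH logins from %s between %s %s %s and %s %s %s (server time).\n' \
        "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8"
    printf 'Log excerpt:\n'
    grep 'Failed password' "$log" | grep -F " from $2 "
}

# Daily run: one complaint per source over the threshold.
daily_report() {
    failed_logins_report "$1" "${2:-3}" | while IFS= read -r line; do
        complaint_for "$1" "$line"; echo
    done
}

daily_report "$SAMPLE_LOG" 3
```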
