On 7/6/06, Bharj, Gagan <[EMAIL PROTECTED]> wrote:
Hello Folks,
Our server is getting hammered on a daily basis by IPs trying to open an ssh
session. Currently, I'm manually putting the subnets (in a pf table) that are
repeatedly trying to get in. As you can see, this list will eventually get
"Bharj, Gagan" <[EMAIL PROTECTED]> writes:
> Our server is getting hammered on a daily basis by IPs trying to open an ssh
> session. Currently, I'm manually putting the subnets (in a pf table) that are
> repeatedly trying to get in. As you can see, this list will eventually get
> very big and wi
On Thu, 6 Jul 2006 10:46:43 -0500
Mike Piety <[EMAIL PROTECTED]> wrote:
> On Thu, 6 Jul 2006 11:15:24 -0400
> "Peter Blair" <[EMAIL PROTECTED]> wrote:
>
> > Something like:
> >
> > pass in quick on $ext_if from { $friendly_networks } to any port ssh keep state
> > block in on $ext_if from any to
On Thu, 6 Jul 2006 11:15:24 -0400
"Peter Blair" <[EMAIL PROTECTED]> wrote:
> Something like:
>
> pass in quick on $ext_if from { $friendly_networks } to any port ssh keep state
> block in on $ext_if from any to any port ssh
>
> should work. You can place "$friendly_networks" into a table that
>
Sorry, I didn't fully comprehend your e-mail (that's what I get for
reading my openbsd mail at work!) the first time around.
Have you attempted to write a script that gets the network address for
a host via `whois` and start expanding the "blacklist"?
For instance, monitor your logs for repeated
On 7/6/06, Bharj, Gagan <[EMAIL PROTECTED]> wrote:
Our server is getting hammered on a daily basis by IPs trying to open
an ssh session.
The archives contain a myriad of options to mitigate the effects of
brute force attacks, etc. This topic has been (repeatedly) beaten to
death on this list, i
Something like:
pass in quick on $ext_if from { $friendly_networks } to any port ssh keep state
block in on $ext_if from any to any port ssh
should work. You can place "$friendly_networks" into a table that
gets loaded from a file if the list is large. And/or update it via
pfctl on the fly.
O
Hello Folks,
Our server is getting hammered on a daily basis by IPs trying to open an ssh
session. Currently, I'm manually putting the subnets (in a pf table) that are
repeatedly trying to get in. As you can see, this list will eventually get
very big and will be unmaintainable. Is there any wa