2009/7/22 Nathan Eisenberg :
> I do feel that changing the port may not truly constitute an increase in
> security. It makes you less visible, perhaps. But this particular firewall
> is already subjected to port scans across the entire range, including
> highports (it has some very high traffi
I do feel that changing the port may not truly constitute an increase in
security. It makes you less visible, perhaps. But this particular firewall is
already subjected to port scans across the entire range, including highports
(it has some very high traffic web sites behind it), so the altern
2009/7/22 Jeppe Øland :
>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a
>> package like fail2ban out there which could automatically blacklist
>> IPs after x
> Request: It would be really nice if pfsense could limit the
> connection-rate *per IP*.
IIRC
> Some of my pfsense boxes get a lot of SSH bruteforces; is there a
> package like fail2ban out there which could automatically blacklist
> IPs after x
Request: It would be really nice if pfsense could limit the
connection-rate *per IP*.
>>> IIRC it is possible to set this per
I have Nokia IP330, 3x 10/100 Ethernet, 1U Rackmount. $30, I have offered these
on the m0n0wall list, I'll make a post on this list also.
-Original Message-
From: Joseph L. Casale
Sent: Tuesday, July 21, 2009 7:46 PM
To: 'support@pfsense.com'
Subject: [pfSense Support] 1U Case Reco
Any
I don't know if it meets all of your requirements but I do quite a few
installs on http://www.ironsystems.com AR230.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Tue, Jul 21, 2009 at 7:46 PM, Joseph L.
Casale wrote:
> Anyone know who makes a decent 1u case wi
Paul Cockings wrote:
> Jeppe Øland wrote:
>> >> Some of my pfsense boxes get a lot of SSH bruteforces; is there a
>> package
>> >> like fail2ban out there which could automatically blacklist IPs
>> after x bad
>> >> logins?
>> > b) limit the connection-rate to a preferred useful value in the
>> fil
Anyone know who makes a decent 1u case with the eth and peripheral
slot open in the front and that also redirects the leds up front
for a Soekris 5501?
If need be, I am open to a different mobo suggestion as well, I just
need ~4 eth ports and an embedded design resilient to any potential
power out
> -Original Message-
> From: Ermal Luçi [mailto:ermal.l...@gmail.com]
> Sent: July 20, 2009 2:38 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] IGMP packet out of WAN
>
> Sorry for the late reply but i have been busy with work.
> Read below...
>
> On Sun, Jul 19, 2009 at 2
> -Original Message-
> From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On
> Behalf Of Chris Buechler
> Sent: July 21, 2009 10:58 AM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] IGMP packet out of WAN
>
> On Mon, Jul 20, 2009 at 6:51 PM, Evgeny
> Yurchenko wrote:
> >>
On Tue, Jul 21, 2009 at 10:42 AM, Nathan Eisenberg
wrote:
> Hello Paul,
>
> I've considered that, but in this instance, it's not an option. I agree
> that limiting exposure is a good first step, but I think brute force
> protection regardless of source address could be a valuable next step. SSH
Nick Smith wrote:
> thanks for any help, id like to keep the console password to something
> other than the gui password if at all possible.
could you use ssh keys to grant console access without giving out web
gui password, or do you want to do it the other way round?
---
Chris Buechler wrote:
> On Tue, Jul 21, 2009 at 11:55 AM, R. Th. Boots wrote:
>> Correct me if I am not misinterpret option 1, but my problem is with
>> inbound connection so option 1 should not apply to my problem. I tried
>> it but still the same.
>>
>
> That inbound connection generally isn't a
Hello Paul,
I've considered that, but in this instance, it's not an option. I agree that
limiting exposure is a good first step, but I think brute force protection
regardless of source address could be a valuable next step. SSH keys ensure
that the accounts won't actually be breached; it's ju
On Tue, Jul 21, 2009 at 11:55 AM, R. Th. Boots wrote:
>
> Correct me if I am not misinterpret option 1, but my problem is with
> inbound connection so option 1 should not apply to my problem. I tried
> it but still the same.
>
That inbound connection generally isn't an inbound connection, it's
par
Chris Buechler wrote:
> On Tue, Jul 21, 2009 at 11:25 AM, R. Th. Boots wrote:
>> Chris Buechler wrote:
>>> On Sun, Jul 19, 2009 at 5:44 PM, R. Th. Boots wrote:
Hello All,
I have an asterisk server which is hooked up to 3 providers. With all 3
of them I have no problems connectin
On Tue, Jul 21, 2009 at 11:25 AM, R. Th. Boots wrote:
> Chris Buechler wrote:
>> On Sun, Jul 19, 2009 at 5:44 PM, R. Th. Boots wrote:
>>> Hello All,
>>>
>>> I have an asterisk server which is hooked up to 3 providers. With all 3
>>> of them I have no problems connecting to my numbers, however only
Chris Buechler wrote:
> On Sun, Jul 19, 2009 at 5:44 PM, R. Th. Boots wrote:
>> Hello All,
>>
>> I have an asterisk server which is hooked up to 3 providers. With all 3
>> of them I have no problems connecting to my numbers, however only with 2
>> of them I am able to receive calls on the numbers.
What about using Snort in an IPS mode. I'm sure there is a rule out
there to block a specific IP based on the number of times this even
occurs.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Tue, Jul 21, 2009 at 9:00 AM, k_o_l wrote:
>
>
>
>
> From: Jeppe Ølan
On Mon, Jul 20, 2009 at 6:51 PM, Evgeny
Yurchenko wrote:
>> -Original Message-
>> From: Ermal Luçi [mailto:ermal.l...@gmail.com]
>> Sent: July 20, 2009 6:03 PM
>> To: support@pfsense.com
>> Subject: Re: [pfSense Support] IGMP packet out of WAN
>>
>> On Mon, Jul 20, 2009 at 9:02 PM, Evgeny
>
From: Jeppe Øland [mailto:jol...@gmail.com]
Sent: Tuesday, July 21, 2009 5:04 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Anything like fail2ban for PFSense?
>>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a package
>>> like fail2ban out there which coul
Hi, i'm configuring a pfsense with psk and have some questions about
(can't find the anwser at google), and here are they:
1) can i do multiple clients to one server? (eg: one configuration on
server and various clients connecting to the same server conf?)
- or a have to configure sever / c
2009/7/21 Jeppe Øland :
Some of my pfsense boxes get a lot of SSH bruteforces; is there a
package
like fail2ban out there which could automatically blacklist IPs after x
>>> Request: It would be really nice if pfsense could limit the
>>> connection-rate
>>> *per IP*.
>> IIRC it is po
>>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a
package
>>> like fail2ban out there which could automatically blacklist IPs after x
>> Request: It would be really nice if pfsense could limit the
connection-rate
>> *per IP*.
> IIRC it is possible to set this per source-IP ;-)
2009/7/21 Jeppe Øland :
>>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a package
>>> like fail2ban out there which could automatically blacklist IPs after x
>>> bad
>>> logins?
>> b) limit the connection-rate to a preferred useful value in the
>> filter-rules
>
> This works rea
Jeppe Øland wrote:
>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a
package
>> like fail2ban out there which could automatically blacklist IPs
after x bad
>> logins?
> b) limit the connection-rate to a preferred useful value in the
filter-rules
This works reasonably well.
>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a package
>> like fail2ban out there which could automatically blacklist IPs after x
bad
>> logins?
> b) limit the connection-rate to a preferred useful value in the
filter-rules
This works reasonably well.
Unfortunately, the entir
27 matches
Mail list logo
