Date: Wed, 12 Apr 2006 00:27:43 -0400 From: John Cruz <cruzweb@gmail.com> To: Chris Maness <chris@chrismaness.com> Cc: Jonathan Franks <daemon@taconic.net>, freebsd-questions@freebsd.org Subject: Re: How to Stop Bruit Force ssh Attempts? Message-ID: <443C81BF.6040407@gmail.com> In-Reply-To: <443C7E26.2000803@chrismaness.com> References: <441C45BA.1030106@chrismaness.com> <894280FF-CB83-4EEA-9CAD-422A34068354@taconic.net> <443C7E26.2000803@chrismaness.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I used to have problems with brute force attempts as well. I just changed the port that SSH uses (TCP/IP port, not "ports collection" port) and the problems have stopped. I made it something that means something to me and maybe not others, so it's a simple and powerful way of getting the job done. -John Chris Maness wrote: > Jonathan Franks wrote: > >> >> On Mar 18, 2006, at 12:39 PM, Chris Maness wrote: >> >>> In my auth log I see alot of bruit force attempts to login via >>> ssh. Is there a way I can have the box automatically kill any tcp/ >>> ip connectivity to hosts that try and fail a given number of >>> times? Is there a port or something that I can install to give >>> this kind of protection. I'm still kind of a FreeBSD newbie. >> >> >> If you are using PF, you can use source tracking to drop the >> offenders in to a table... perhaps after a certain number of >> attempts in a given time (say, 5 in a minute). Once you have the >> table you're in business... you can block based on it... and then >> set up a cron job to copy the table to disk every so often (perhaps >> once every two minutes). It works very well for me, YMMV. >> >> If you don't want to block permanently, you could use cron to flush >> the table every so often too... I don't bother though. >> >> -Jonathan > > I use a port called DenyHost. It adds an entry to hosts.allow that > denies access. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?443C81BF.6040407>