From owner-freebsd-hackers@FreeBSD.ORG Tue Sep 30 07:50:36 2008
From: Bob Bishop
To: Rich Healey
Cc: freebsd-hackers@freebsd.org
Date: Tue, 30 Sep 2008 08:38:56 +0100
Subject: Re: SSH Brute Force attempts
Message-Id: <79B5654C-62A9-4D8B-9556-2C38D6D51452@gid.co.uk>
In-Reply-To: <48E16E93.3090601@gmail.com>
References: <48E16E93.3090601@gmail.com>

Hi,

On 30 Sep 2008, at 01:10, Rich Healey wrote:
> Recently I'm getting a lot of brute force attempts on my server, in
> the past I've used various tips and tricks with linux boxes but many
> of them were fairly linux specific.
>
> What do you BSD guys use for this purpose?
[various solutions proposed]

I too would worry about having something automatically updating filter
rulesets. An alternative is to blackhole route the offending source,
e.g.:

route -nq add -host a.b.c.d 127.0.0.1 -blackhole

Whatever solution you adopt, the ability to whitelist is a very good
idea (especially if you are as inaccurate a typist as I am). And I'd
second what others have said about avoiding passwords altogether if
it's possible in your situation.

--
Bob Bishop                    +44 (0)118 940 1243
rb@gid.co.uk              fax +44 (0)118 940 1295
                       mobile +44 (0)783 626 4518
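The blackhole-route approach with a whitelist, as an added example that is not part of the original thread or anyone's posted code: a POSIX sh/awk script that counts sshd "Failed password" lines per source address over constructed sample log lines, skips whitelisted addresses, and prints the route commands for review rather than applying them. The log format, the threshold, and the whitelist contents are assumptions.

```shell
#!/bin/sh
# Count failed sshd logins per source address, skip whitelisted hosts,
# and print one blackhole-route command per offender at or above the
# threshold. Nothing is applied: review the output, then run it as root.

# Constructed sample lines in the shape sshd writes to /var/log/auth.log.
SAMPLE_LOG='Sep 30 07:41:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Sep 30 07:41:05 host sshd[1235]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Sep 30 07:41:09 host sshd[1236]: Failed password for root from 203.0.113.7 port 51236 ssh2
Sep 30 07:42:00 host sshd[1240]: Failed password for bob from 192.0.2.10 port 40000 ssh2
Sep 30 07:42:30 host sshd[1241]: Failed password for bob from 192.0.2.10 port 40001 ssh2
Sep 30 07:42:50 host sshd[1242]: Failed password for bob from 192.0.2.10 port 40002 ssh2
Sep 30 07:43:00 host sshd[1250]: Accepted publickey for bob from 192.0.2.10 port 40003 ssh2
Sep 30 07:44:00 host sshd[1260]: Failed password for invalid user test from 198.51.100.5 port 2222 ssh2'

# Whitelist (assumed): addresses that must never be blackholed, e.g. the
# hosts you administer from. A fat-fingered password from one of these
# must not lock you out.
WHITELIST='192.0.2.10 127.0.0.1'

# blackhole_cmds THRESHOLD  (reads log lines on stdin)
# Prints: route -nq add -host <ip> 127.0.0.1 -blackhole   per offender
blackhole_cmds() {
    awk -v thr="$1" -v wl="$WHITELIST" '
        BEGIN { n = split(wl, w, " "); for (i = 1; i <= n; i++) white[w[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            # Only count plain IPv4 dotted quads; anything else is ignored.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fails[ip]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= thr && !(ip in white))
                    printf "route -nq add -host %s 127.0.0.1 -blackhole\n", ip
        }' | sort
}

# Dry run over the sample: only 203.0.113.7 reaches 3 failures and is not
# whitelisted; 192.0.2.10 also has 3 but is protected by the whitelist.
printf '%s\n' "$SAMPLE_LOG" | blackhole_cmds 3
```

On a live box, feed the real log in place of the sample and pipe the reviewed output into sh as root; a matching `route delete` later, or a reboot, removes the routes.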