From owner-freebsd-questions@FreeBSD.ORG Tue Jan 24 22:40:21 2006
From: "Ilias Sachpazidis"
Cc: 'Dan O'Connor'
Date: Tue, 24 Jan 2006 23:40:03 +0100
Organization: Fraunhofer IGD
Subject: RE: auth.log & intruder prevention

We are talking about a few users and nobody has a permanent IP.
-IS

-----Original Message-----
From: Dan O'Connor [mailto:dan@ferrarishields.com]
Sent: Tuesday, 24 January 2006 22:29
To: Ilias.Sachpazidis@igd.fraunhofer.de
Subject: Re: auth.log & intruder prevention

> I am wondering if any script is available to prevent hundreds of
> attempts on port 22 from external IPs that are constantly checking
> user & passwords on my FreeBSD PCs.

I can't help you with a greylist solution, but how many users do you
have that ssh in from the outside?

If you don't have too many, and they come from stable IP addresses, you
could always set up firewall rules to allow specific connections and
block other attempts to connect to port 22:

# My Trusted SSH Sites
dan="123.45.67.89"
jim="234.56.78.90"
.
.
.
# SSH Login - Allow only trusted incoming on outside interface
${fwcmd} add pass log tcp from ${dan} to any 22 in via ${oif} setup
${fwcmd} add pass log tcp from ${jim} to any 22 in via ${oif} setup
.
.
.
${fwcmd} add deny log tcp from any to any 22 in via ${oif} setup

~Dan
--
FreeBSD Cheat Sheets
http://www.mostgraveconcern.com/freebsd/
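
Added example, not code from either poster: when no user has a fixed address, the allow-list above cannot be used, so this sketch does what the original question asks for by counting failed sshd password logins per source address in auth.log and printing deny rules in the same form as the rules quoted above. The function names, the threshold of 3, the interface name fxp0, the standard syslog line layout and the sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: turn repeated sshd failures in auth.log into ipfw deny rules.
# ssh_block_rules, sample_auth_log, THRESHOLD, FWCMD and OIF are illustrative names.
THRESHOLD="${THRESHOLD:-3}"     # failures from one address before it is blocked
FWCMD="${FWCMD:-/sbin/ipfw}"    # plays the role of ${fwcmd} in the message
OIF="${OIF:-fxp0}"              # outside interface (assumed name)

# Reads auth.log lines on stdin, prints one deny rule per offending address.
ssh_block_rules() {
    awk -v max="$THRESHOLD" -v fw="$FWCMD" -v oif="$OIF" '
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
        # Scan from the right: the user name is chosen by the client and may
        # itself contain "from <ip> port", so only the last match is trusted.
        ip = ""
        for (i = NF; i > 2; i--)
            if ($i == "port" && $(i - 2) == "from") { ip = $(i - 1); break }
        # Accept only a dotted quad so nothing else can reach the rule text.
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fails[ip]++
    }
    END {
        for (ip in fails)
            if (fails[ip] >= max)
                printf "%s add deny log tcp from %s to any 22 in via %s setup\n", fw, ip, oif
    }' | sort
}

# Constructed sample input (documentation addresses, not real log data).
sample_auth_log() {
    cat <<'EOF'
Jan 24 21:03:11 hermes sshd[4021]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 24 21:03:13 hermes sshd[4021]: Failed password for illegal user admin from 203.0.113.7 port 51236 ssh2
Jan 24 21:03:15 hermes sshd[4022]: Failed password for invalid user x from 192.0.2.55 port 1 from 203.0.113.7 port 51240 ssh2
Jan 24 21:04:02 hermes sshd[4030]: Failed password for ilias from 198.51.100.20 port 40112 ssh2
Jan 24 21:04:09 hermes sshd[4030]: Accepted password for ilias from 198.51.100.20 port 40112 ssh2
EOF
}

# Real use would be: ssh_block_rules < /var/log/auth.log
sample_auth_log | ssh_block_rules
```

ipfw stops at the first matching rule, so the generated deny rules only take effect if they are added ahead of any rule that passes port 22.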