Date:      Fri, 05 Mar 2010 17:54:50 +0100
From:      Matthias Fechner <idefix@fechner.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Thousands of ssh probes
Message-ID:  <4B91375A.4020503@fechner.net>
In-Reply-To: <4B912ADC.1040802@infracaninophile.co.uk>
References:  <20100305125446.GA14774@elwood.starfire.mn.org> <4B910139.1080908@joseph-a-nagy-jr.us> <20100305132604.GC14774@elwood.starfire.mn.org> <F4960422-5F59-4FF4-A2E4-1F0A4772B78B@olivent.com> <20100305154439.GA17456@elwood.starfire.mn.org> <4B912ADC.1040802@infracaninophile.co.uk>

Hi,

On 05.03.10 17:01, Matthew Seaman wrote:
> table <ssh-bruteforce> persist
> [...near the top of the rules section...]
> block drop in log quick on $ext_if from <ssh-bruteforce>
>
> [...later in the rules section...]
> pass in on $ext_if proto tcp      \
>       from any to $ext_if port ssh \
>       flags S/SA keep state        \
>       (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
>

That is dangerous: if you use Subversion over ssh you will sometimes get
more than 10 requests in 30 seconds.
That means you will also block users who are allowed to connect.

Regards,
Matthias

-- 
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B91375A.4020503>
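The objection above (a legitimate svn+ssh client opening many short ssh connections trips a per-source connection-rate limit) is the usual failure mode of pf's overload mechanism. The fragment below is an added example, not code from this thread or from either poster: it keeps the structure of the quoted ruleset but adds a trusted-host table that is exempted from the rate limit, so known svn+ssh clients are never counted and never land in the overload table. The interface name, the table names, the addresses in <ssh-trusted> and the 10/30 limit are assumptions chosen for illustration.

```pf
# Added example (not from the thread): pf.conf fragment for FreeBSD pf.
# Assumptions: $ext_if is em0; table names, addresses and the 10/30 limit
# are placeholders to adapt to the real environment.

ext_if = "em0"

# Sources that exceeded the connection rate; filled by the overload clause.
table <ssh-bruteforce> persist

# Hosts allowed to open ssh connections at any rate, e.g. svn+ssh clients
# and admin workstations. Addresses are RFC 5737 documentation space.
table <ssh-trusted> persist { 192.0.2.10, 198.51.100.0/24 }

# pf applies the LAST matching rule unless a rule says "quick", so the
# exemption and the block must both be "quick" and must come first.

# 1. Trusted hosts: pass without a rate limit. Because they match here,
#    they never reach the rate-limited rule and cannot be overloaded.
pass in quick on $ext_if proto tcp from <ssh-trusted> to $ext_if port ssh \
    flags S/SA keep state

# 2. Anything already flagged is dropped (and logged) before rule 3.
block drop in log quick on $ext_if from <ssh-bruteforce>

# 3. Everyone else: if one source address creates more than 10 new ssh
#    connections within 30 seconds it is added to <ssh-bruteforce> and,
#    because of "flush global", all of its existing states are killed.
#    With the 3/30 from the thread a fourth connection in 30 seconds is
#    enough, which is what catches svn+ssh users; 10/30 still catches
#    password-guessing scanners, which open far more than that.
pass in on $ext_if proto tcp from any to $ext_if port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 10/30, overload <ssh-bruteforce> flush global)
```

Two operational notes. To see who has been caught and to release a user who was blocked by mistake, use the table subcommands of pfctl: `pfctl -t ssh-bruteforce -T show` lists the current entries, `pfctl -t ssh-bruteforce -T delete 192.0.2.10` removes one, and `pfctl -t ssh-trusted -T add 192.0.2.10` exempts that host from then on (entries added at runtime do not survive a reboot unless they are also placed in pf.conf or loaded from a file with `file "/etc/ssh-trusted"`). Second, the counter is per source address, so several people behind one NAT gateway share a single budget; whatever limit you pick has to cover the busiest such group, not a single user.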