From: Jason Dixon
To: Glen Barber
Cc: Jerry Bell, freebsd-questions@freebsd.org, Kaya Saman
Date: Fri, 18 Jun 2010 11:55:14 -0400
Subject: Re: system is under attack (what can I do more?)

On Fri, Jun 18, 2010 at 11:48:25AM -0400, Glen Barber wrote:
> Hi,
>
> On 6/18/10 11:29 AM, Kaya Saman wrote:
>> [...]
>>> Look at ports/security/sshguard and ports/security/bruteblock.
>>>
>>> I use sshguard with ipfilter, but it works with pf and ipfw as well.
>>> It is very simple to set up and gets the job done.
>>
>> Hi just wanted to say thanks for stating this as I'm also looking for a
>> BSD version of fail2ban which I couldn't find in the FreeBSD ports
>> collection......
>
> security/py-fail2ban

Doesn't FreeBSD's version of pf support the overload feature? This is
how we typically manage ssh bruteforce attempts in OpenBSD/pf-land.

--
Jason Dixon
OmniTI Computer Consulting, Inc.
jdixon@omniti.com
443.325.1357 x.241
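
The overload approach mentioned in the message above, sketched as a pf.conf fragment. This is an added example, not part of the original message; the interface name `em0`, the table name `bruteforce` and the connection thresholds are assumptions to adjust for the host.

```conf
# Added example: rate-limit SSH and ban offenders via a pf overload table.
# Interface name, table name and thresholds below are assumptions.
ext_if = "em0"

# Table of offending source addresses; "persist" keeps the table
# in place even when it is empty.
table <bruteforce> persist

# Drop everything from addresses already in the table. "quick" stops
# rule evaluation here so later pass rules cannot re-admit them.
block in quick on $ext_if from <bruteforce>

# Allow SSH while tracking connections per source address:
#   max-src-conn 10         at most 10 simultaneous connections per source
#   max-src-conn-rate 5/30  at most 5 new connections per 30 s per source
#   overload <bruteforce>   a source exceeding either limit is added
#                           to the table
#   flush global            existing states from that source are killed,
#                           including ones created by other rules
pass in on $ext_if proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)
```

Entries stay in the table until removed, so `pfctl -t bruteforce -T show` is the check for who has been banned, and a periodic `pfctl -t bruteforce -T expire 86400` from cron clears addresses older than a day.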