From: Matthias Fechner
To: freebsd-questions@freebsd.org
Date: Fri, 18 Jun 2010 18:49:42 +0200
Subject: Re: system is under attack (what can I do more?)
Message-ID: <4C1BA3A6.1090509@fechner.net>
In-Reply-To: <20100618155514.GI29381@omniti.com>

On 18.06.10 17:55, Jason Dixon wrote:
> Doesn't FreeBSD's version of pf support the overload feature? This is
> how we typically manage ssh bruteforce attempts in OpenBSD/pf-land.
>

And what do you want to do if an authorized user connects very often in, let's say, 10 seconds?
If you work e.g. with Subversion or another tunneled connection, 10 connections in 5 seconds is not rare.
At the pf level you are not able to distinguish between a successful and a denied connection, right?

Bye,
Matthias

-- 
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
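
The trade-off raised in this message, as an added example that is not part of the original thread: a connection-rate limit counts every connection from a source whatever the login outcome, while sshd's auth log records which attempts failed. The log lines are constructed, and the threshold (more than 5 events in 10 seconds) and the function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches sshd "Accepted ..." / "Failed ..." lines as written to auth.log.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Accepted|Failed) \S+ for (?:invalid user )?\S+ from (\S+) port \d+")

def parse(line):
    """Return (timestamp, source_ip, succeeded) for an sshd auth line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    # syslog omits the year; 2010 is assumed only so a datetime can be built.
    ts = datetime.strptime("2010 " + m.group(1), "%Y %b %d %H:%M:%S")
    return ts, m.group(3), m.group(2) == "Accepted"

def over_limit(events, max_events, window_s):
    """Sources with more than max_events events inside any window_s-second span."""
    recent, flagged = defaultdict(deque), set()
    for ts, src in sorted(events):
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()                      # drop events older than the window
        if len(q) > max_events:
            flagged.add(src)
    return flagged

def compare(lines, max_events=5, window_s=10):
    """Return (sources flagged by connection rate, sources flagged by failures)."""
    parsed = [p for p in map(parse, lines) if p]
    # View of a rate limiter: every connection counts, outcome unknown.
    by_rate = over_limit([(t, s) for t, s, _ in parsed], max_events, window_s)
    # View from the auth log: only failed authentication attempts count.
    by_failure = over_limit([(t, s) for t, s, ok in parsed if not ok],
                            max_events, window_s)
    return by_rate, by_failure

# Constructed sample: one user with 10 successful key logins in 5 seconds
# (tunneled Subversion-style use) and one source with 10 failed passwords.
SAMPLE = (
    [f"Jun 18 18:49:{40 + i // 2:02d} server sshd[{2000 + i}]: Accepted publickey "
     f"for alice from 192.0.2.10 port {50000 + i} ssh2" for i in range(10)]
    + [f"Jun 18 18:49:{40 + i // 2:02d} server sshd[{3000 + i}]: Failed password "
       f"for invalid user admin from 198.51.100.7 port {40000 + i} ssh2" for i in range(10)]
)

if __name__ == "__main__":
    rate, fail = compare(SAMPLE)
    print("flagged by connection rate:", sorted(rate))
    print("flagged by failed logins:  ", sorted(fail))
```

On the sample, the rate-based view flags both sources, including the legitimate user, while the failure-based view flags only the source with failed logins.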