Date: Fri, 18 Jun 2010 18:26:51 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Jason Dixon <jdixon@omniti.com> Cc: Jerry Bell <jerry@nrdx.com>, Glen Barber <glen.j.barber@gmail.com>, freebsd-questions@freebsd.org, Kaya Saman <SamanKaya@netscape.net> Subject: Re: system is under attack (what can I do more?) Message-ID: <4C1BAC5B.1000505@infracaninophile.co.uk> In-Reply-To: <20100618155514.GI29381@omniti.com> References: <367428.93212.qm@web51108.mail.re2.yahoo.com> <4C1B67B2.8000309@nrdx.com> <4C1B90CE.4020509@netscape.net> <4C1B9549.4080801@gmail.com> <20100618155514.GI29381@omniti.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 18/06/2010 16:55:14, Jason Dixon wrote:
> Doesn't FreeBSD's version of pf support the overload feature? This is
> how we typically manage ssh bruteforce attempts in OpenBSD/pf-land.
Sure it does. pf in FreeBSD 7.2+ or 8.0+ is basically the same as in
OpenBSD 4.3.
Overload works pretty well against bruteforcing, but some of the
bruteforcers are getting wise to that sort of protection and not hitting
an individual machine frequently enough to trigger the lock-out.
Of course, this does mean that they are going slowly enough that they
aren't eating your bandwidth or flooding your log files quite so much,
but it is still annoying.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew@infracaninophile.co.uk Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkwbrFsACgkQ8Mjk52CukIyE7QCeNnNAI7Mr5qMPJJVnlS+qeetA
eIAAn1+KUuNHveo6E2Pcenvb8UQrrvVG
=WMxd
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C1BAC5B.1000505>