From owner-freebsd-questions@FreeBSD.ORG Fri Jun 18 17:26:59 2010
Message-ID: <4C1BAC5B.1000505@infracaninophile.co.uk>
Date: Fri, 18 Jun 2010 18:26:51 +0100
From: Matthew Seaman
Organization: Infracaninophile
To: Jason Dixon
Cc: Jerry Bell, Glen Barber, freebsd-questions@freebsd.org, Kaya Saman
References: <367428.93212.qm@web51108.mail.re2.yahoo.com> <4C1B67B2.8000309@nrdx.com> <4C1B90CE.4020509@netscape.net> <4C1B9549.4080801@gmail.com> <20100618155514.GI29381@omniti.com>
In-Reply-To: <20100618155514.GI29381@omniti.com>
Subject: Re: system is under attack (what can I do more?)

On 18/06/2010 16:55:14, Jason Dixon wrote:

> Doesn't FreeBSD's version of pf support the overload feature?  This is
> how we typically manage ssh bruteforce attempts in OpenBSD/pf-land.

Sure it does.  pf in FreeBSD 7.2+ or 8.0+ is basically the same as in
OpenBSD 4.3.

Overload works pretty well against bruteforcing, but some of the
bruteforcers are getting wise to that sort of protection and not
hitting an individual machine frequently enough to trigger the lock-out.
Of course, this does mean that they are going slowly enough that they
aren't eating your bandwidth or flooding your log files quite so much,
but it is still annoying.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew@infracaninophile.co.uk
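
The gap described in the message above, as an added example that is not part of the original e-mail: a short-window connection-rate threshold of the kind pf's `overload` acts on catches a fast scanner but not a paced one, while a long-window count over the same events does. The events, addresses, thresholds and the sliding-window model are all constructed assumptions; pf's own rate estimator differs in detail.

```python
from collections import defaultdict, deque

# Constructed sample data: (seconds since start, source address) per new SSH
# connection. Addresses are documentation ranges, not real hosts.
FAST = "203.0.113.5"    # 10 connections in 20 s
SLOW = "198.51.100.7"   # one connection a minute for an hour
ADMIN = "192.0.2.10"    # two legitimate logins
EVENTS = sorted(
    [(t, FAST) for t in range(0, 20, 2)]
    + [(t, SLOW) for t in range(0, 3600, 60)]
    + [(100, ADMIN), (2000, ADMIN)]
)


def over_threshold(events, limit, window):
    """Return sources that made more than `limit` connections within any
    `window` seconds. Simplified sliding-window model (an assumption), not
    pf's exact rate estimator."""
    recent = defaultdict(deque)
    flagged = set()
    for t, src in events:
        if src in flagged:
            continue  # already in the overload table, nothing more to count
        q = recent[src]
        q.append(t)
        while q[0] <= t - window:
            q.popleft()  # forget connections older than the window
        if len(q) > limit:
            flagged.add(src)
    return flagged


def compare(events=EVENTS):
    """Short-window threshold (overload-style) next to a long-window count."""
    short = over_threshold(events, limit=3, window=30)     # 3 per 30 s
    long_ = over_threshold(events, limit=20, window=3600)  # 20 per hour
    return short, long_, short | long_


if __name__ == "__main__":
    short, long_, both = compare()
    print("short window flags:", sorted(short))
    print("long window flags: ", sorted(long_))
    print("combined:          ", sorted(both))
```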