From: Karol Kwiatkowski
Reply-To: freebsd@orchid.homeunix.org
Date: Tue, 28 Feb 2006 16:39:09 +0100
To: freebsd-questions@freebsd.org
Subject: Re: limiting brute force attacks
Message-ID: <44046E9D.9090302@orchid.homeunix.org>
In-Reply-To: <20060228152555.GE29050@tigger.digitaltorque.ca>

Michael P. Soulier wrote:
> Hey people,
>
> I've seen some efforts from the netfilter community on Linux to provide a
> means to limit brute-force attacks via firewall rules. Can anyone suggest a
> way to do the same on FreeBSD?
>
> I'm primarily interested in limiting attacks on sshd. I already use RSA auth,
> but I like defense-in-depth.

Hi Michael,

you can use pf firewall (probably others, too) to limit/refuse
incoming connections. Have a look at Niki Denev's post @stable:

http://lists.freebsd.org/pipermail/freebsd-stable/2006-February/022616.html

Regards,

Karol

-- 
Karol Kwiatkowski
GPGKey: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc