From owner-freebsd-questions@FreeBSD.ORG Tue Feb 28 17:57:53 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8473A16A420 for ; Tue, 28 Feb 2006 17:57:53 +0000 (GMT) (envelope-from freebsd@philip.pjkh.com) Received: from bravo.pjkh.com (bravo.pjkh.com [72.36.232.219]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F44543D46 for ; Tue, 28 Feb 2006 17:57:53 +0000 (GMT) (envelope-from freebsd@philip.pjkh.com) Received: from bravo.pjkh.com (bravo.pjkh.com [72.36.232.219]) by bravo.pjkh.com (Postfix) with ESMTP id 9655113C7DD; Tue, 28 Feb 2006 11:58:58 -0600 (CST) Received: by bravo.pjkh.com (Postfix, from userid 1000) id 63B8313C7C0; Tue, 28 Feb 2006 11:58:58 -0600 (CST) Received: from localhost (localhost [127.0.0.1]) by bravo.pjkh.com (Postfix) with ESMTP id 60BA813C404; Tue, 28 Feb 2006 11:58:58 -0600 (CST) Date: Tue, 28 Feb 2006 11:58:58 -0600 (CST) From: Philip Hallstrom To: "Michael P. Soulier" In-Reply-To: <20060228152555.GE29050@tigger.digitaltorque.ca> Message-ID: <20060228115826.Q40829@bravo.pjkh.com> References: <20060228152555.GE29050@tigger.digitaltorque.ca> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: ClamAV using ClamSMTP Cc: freebsd-questions@freebsd.org Subject: Re: limiting brute force attacks X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2006 17:57:53 -0000 > I've seen some efforts from the netfilter community on Linux to provide a > means to limit brute-force attacks via firewall rules. Can anyone suggest a > way to do the same on FreeBSD? > > I'm primarily interested in limiting attacks on sshd. I already use RSA auth, > but I like defense-in-depth. http://www.pjkh.com/wiki/ssh_monitor