From: Григорьев Александр
To: James Strother
Message-Id: <946851316461449@web97.yandex.ru>
Date: Mon, 19 Sep 2011 23:44:09 +0400
Cc: freebsd-questions@freebsd.org
Subject: Re: limit number of ssh connections

If your target is to protect a FreeBSD box from password brute-forcing from the Internet, maybe security/knockd will help you?

19.09.2011, 23:05, "James Strother":
> Does anyone know a good way of limiting the number of ssh attempts
> from a single IP address?
>
> I found the following website, which describes a variety of approaches:
>
> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
>
> But I am honestly not really happy with any of them. Continuously
> polling log files for regex hits seems...well crude. Just to give you
> an idea of what I mean, here were some of the issues I had. The
> sshd-scan.sh script allows IPs to be reinstated, but the timing is
> dependent on how frequently you rotate logs. sshguard has a pretty
> website, but I can't actually find much useful documentation on how to
> configure it. fail2ban looks like it might work with sufficient work,
> but the defaults are terrible. By default, every time an IP is
> reinstated, all IPs are reinstated. Not to mention, at present I
> can't seem to get it to trigger any hits.
>
> I suppose I could keep shopping, but the truth is I just think polling
> log files is the wrong way to solve the problem. Anything based on
> this approach is going to have a long latency and be highly dependent
> on the unspecified and unstable formatting of log files (see
> http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
> and the troubles an exclamation point can cause).
>
> I would much much rather do something like this:
>
> http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
>
> Does anyone know a way to do something similar with ipfw?
>
> Thanks in advance,
>   Jim
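
The behaviour the quoted question asks for (count new connections per source address instead of parsing logs, and reinstate each address on its own timer), sketched as an added example that is not part of either message and is not ipfw or iptables configuration. The class name, the thresholds and the event list are assumptions constructed for illustration; the addresses are documentation ranges.

```python
from collections import defaultdict, deque


class SourceLimiter:
    """Block a source after max_hits new connections inside window seconds.

    Every block carries its own expiry, so reinstating one address never
    reinstates the others.
    """

    def __init__(self, max_hits=4, window=60, block_for=300):
        self.max_hits = max_hits
        self.window = window
        self.block_for = block_for
        self.hits = defaultdict(deque)  # ip -> timestamps of recent connections
        self.blocked = {}               # ip -> time at which its block expires

    def allow(self, ip, now):
        """Return True if a new connection from ip at time now is accepted."""
        expiry = self.blocked.get(ip)
        if expiry is not None:
            if now < expiry:
                return False
            del self.blocked[ip]        # reinstate this address only
        recent = self.hits[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()            # forget hits that left the window
        recent.append(now)
        if len(recent) >= self.max_hits:
            self.blocked[ip] = now + self.block_for
            recent.clear()
            return False
        return True

    def blocked_at(self, now):
        """Addresses whose block is still active at time now."""
        return sorted(ip for ip, exp in self.blocked.items() if now < exp)


# Constructed sample: (seconds, source address) of new connections to port 22.
EVENTS = [(0, "192.0.2.10"), (5, "192.0.2.10"), (10, "192.0.2.10"),
          (15, "192.0.2.10"), (100, "198.51.100.7"), (200, "203.0.113.5"),
          (201, "203.0.113.5"), (202, "203.0.113.5"), (203, "203.0.113.5"),
          (250, "192.0.2.10"), (320, "192.0.2.10"), (320, "203.0.113.5")]


def replay(events, limiter=None):
    """Feed time-ordered events to a limiter; return (time, ip, accepted)."""
    if limiter is None:
        limiter = SourceLimiter()
    return [(t, ip, limiter.allow(ip, t)) for t, ip in events]


if __name__ == "__main__":
    for t, ip, ok in replay(EVENTS):
        print(f"{t:>4}s {ip:<13} {'accept' if ok else 'drop'}")
```

In the sample, 192.0.2.10 is accepted again at 320 s while 203.0.113.5 stays blocked until 503 s, and no log format is involved at any point.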