From owner-freebsd-questions@FreeBSD.ORG Thu Aug 25 16:05:32 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF29B16A41F for ; Thu, 25 Aug 2005 16:05:32 +0000 (GMT) (envelope-from peter@bgnett.no) Received: from vs2.bgnett.no (vs02.bgnett.no [194.54.96.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id 34EFC43D53 for ; Thu, 25 Aug 2005 16:05:31 +0000 (GMT) (envelope-from peter@bgnett.no) Received: from amidala.datadok.no.bgnett.no (amidala.datadok.no [194.54.103.98]) by vs2.bgnett.no (8.12.9p2/8.12.9) with ESMTP id j7P7frf0054569 for ; Thu, 25 Aug 2005 09:41:54 +0200 (CEST) (envelope-from peter@bgnett.no) To: freebsd-questions@freebsd.org References: <200508241119671.SM00756@chris> From: peter@bgnett.no (Peter N. M. Hansteen) Date: Thu, 25 Aug 2005 09:41:33 +0200 In-Reply-To: <200508241119671.SM00756@chris> (Chris St Denis's message of "Wed, 24 Aug 2005 11:18:50 -0700") Message-ID: <86y86qbh02.fsf@amidala.datadok.no> User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.17 (Jumbo Shrimp, berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-bgnett.no-virusscanner: Found to be clean X-bgnett.no-SpamScore: ssss X-Envelope-To: freebsd-questions@freebsd.org Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Aug 2005 16:05:32 -0000 "Chris St Denis" writes: > How can I easily auto deny after x failed attempts? Is this an sshd setting? > I could find it. > > Is there something in ports that will firewall off somebody who is brute > forcing? With PF, it's fairly easy to set up with max-src-conn, max-src-conn-rate overload in your pass rule. See pf.conf(5) for details. There's probably some magic around to make this doable with other firewalls as well. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"