From owner-freebsd-questions@FreeBSD.ORG Thu Oct 7 22:15:31 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4485F16A4CE for ; Thu, 7 Oct 2004 22:15:31 +0000 (GMT) Received: from sdf.lonestar.org (ol.freeshell.org [192.94.73.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id DCF4143D1D for ; Thu, 7 Oct 2004 22:15:28 +0000 (GMT) (envelope-from lukas@sdf.lonestar.org) Received: from sdf.lonestar.org (IDENT:lukas@mx.freeshell.org [192.94.73.21]) by sdf.lonestar.org (8.12.10/8.12.10) with ESMTP id i97MFQsX004243 for ; Thu, 7 Oct 2004 22:15:26 GMT Received: (from lukas@localhost) by sdf.lonestar.org (8.12.10/8.12.8/Submit) id i97MFQ0J027793; Thu, 7 Oct 2004 15:15:26 -0700 (PDT) Date: Thu, 7 Oct 2004 15:15:25 -0700 (PDT) From: Luke X-X-Sender: lukas@mx.freeshell.org To: freebsd-questions@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Protecting SSH from brute force attacks X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: LukeD@pobox.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Oct 2004 22:15:31 -0000 There are several script kiddies out there hitting my SSH server every day. Sometimes they attempt to brute-force their way in trying new logins every second or so for hours at a time. Given enough time, I fear they will eventually get in. Is there anything I can do to hinder them? I'd like to ban the IP after 50 failed attempts or something. I'd heard that each failed attempt from a source was supposed to make the daemon respond slower each time, thus limiting the usefulness of brute force attacks, but I'm not seeing that behavior.