Date: Thu, 7 Oct 2004 19:23:49 -0500 From: Vulpes Velox <v.velox@vvelox.net> To: LukeD@pobox.com Cc: luked@pobox.com Subject: Re: Protecting SSH from brute force attacks Message-ID: <20041007192349.36120317@vixen42.24-119-122-191.cpe.cableone.net> In-Reply-To: <Pine.NEB.4.60.0410071514530.27025@mx.freeshell.org> References: <Pine.NEB.4.60.0410071514530.27025@mx.freeshell.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 7 Oct 2004 15:15:25 -0700 (PDT) Luke <luked@pobox.com> wrote: > There are several script kiddies out there hitting my SSH server > every day. Sometimes they attempt to brute-force their way in > trying new logins every second or so for hours at a time. Given > enough time, I fear they will eventually get in. > Is there anything I can do to hinder them? > > I'd like to ban the IP after 50 failed attempts or something. I'd > heard that each failed attempt from a source was supposed to make > the daemon respond slower each time, thus limiting the usefulness of > brute force attacks, but I'm not seeing that behavior. I forget where in /etc it is, but look into setting up something that allows a certian number of failed logins before locking that IP/term out for a few minutes.... and if it is constantly from the same place look into calling their ISP or the like. Or in a few cases, like I have done in a few cases, and a deny from any to any for that chunk of the net... man login.conf for more info :)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041007192349.36120317>