From: Wes Santee
Date: Sat, 18 Mar 2006 10:00:28 -0800
To: Chris Maness
Cc: freebsd-questions@freebsd.org
Subject: Re: How to Stop Bruit Force ssh Attempts?

Chris Maness wrote:
> In my auth log I see a lot of brute force attempts to login via ssh. Is
> there a way I can have the box automatically kill any tcp/ip
> connectivity to hosts that try and fail a given number of times? Is
> there a port or something that I can install to give this kind of
> protection. I'm still kind of a FreeBSD newbie.

security/bruteforceblocker (requires pf as the firewall)
security/denyhosts (uses tcp_wrappers and /etc/hosts.allow)
security/sshit (requires ipfw as firewall)

I rolled my own solution and haven't used any of these, so I don't know
how well they work in practice. They probably all require some initial
setup and configuration.

Cheers,
-Wes
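
An added example, not part of the message above and not code from any of the three ports: a sketch of the general technique the question asks for, counting failed sshd logins per source address in a sliding window and emitting tcp_wrappers deny lines for /etc/hosts.allow. The log lines, the threshold, the window and the `year` parameter are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is free text supplied by the remote side, so the pattern is
# anchored and the address is taken only from the fixed tail of the line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port \d+(?: ssh2)?$")

def offenders(lines, threshold=3, window=timedelta(minutes=10), year=2006):
    """Addresses with at least `threshold` failures inside one window."""
    recent = defaultdict(deque)   # address -> timestamps still in the window
    blocked = []
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue              # successful logins and other daemons
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue              # not a literal address, nothing to block
        # syslog omits the year; `year` is an assumed parameter.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        seen = recent[addr]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()        # forget failures older than the window
        if len(seen) >= threshold and addr not in blocked:
            blocked.append(addr)
    return blocked

def hosts_allow_rules(addrs):
    """tcp_wrappers deny lines; IPv6 literals go in square brackets."""
    return [f"sshd : {'[%s]' % a if a.version == 6 else a} : deny" for a in addrs]

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = """\
Mar 18 08:00:00 box sshd[400]: Failed password for chris from 192.0.2.77 port 5001 ssh2
Mar 18 09:00:00 box sshd[401]: Failed password for chris from 192.0.2.77 port 5002 ssh2
Mar 18 09:58:01 box sshd[411]: Failed password for root from 203.0.113.5 port 4101 ssh2
Mar 18 09:58:04 box sshd[412]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2
Mar 18 09:58:09 box sshd[413]: Failed password for illegal user test from 203.0.113.5 port 4103 ssh2
Mar 18 09:59:00 box sshd[414]: Accepted publickey for chris from 192.0.2.77 port 5003 ssh2
Mar 18 10:30:00 box sshd[415]: Failed password for chris from 192.0.2.77 port 5004 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(hosts_allow_rules(offenders(SAMPLE))))
```

The three spaced-out failures from 192.0.2.77 never fall inside one window, so a legitimate user who mistypes a password now and then is not locked out.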