From owner-freebsd-questions@FreeBSD.ORG Mon Apr 16 00:19:46 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2C2E216A401 for ; Mon, 16 Apr 2007 00:19:46 +0000 (UTC) (envelope-from juhasaarinen@gmail.com) Received: from ik-out-1112.google.com (ik-out-1112.google.com [66.249.90.179]) by mx1.freebsd.org (Postfix) with ESMTP id B6A2113C45B for ; Mon, 16 Apr 2007 00:19:45 +0000 (UTC) (envelope-from juhasaarinen@gmail.com) Received: by ik-out-1112.google.com with SMTP id c21so1420933ika for ; Sun, 15 Apr 2007 17:19:44 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=OZZDH5t3A5aw9FhNfycy3n2HvXaqhSHYZs/N51nKsDU0d2ZDbF7leLtP8c2ql5K+gY32U01cWGlmrymFpTtNZn6iRpu1+F+LSmD27l+bemHPAY+4H/c2AqjTaRRCR+uJsLMmXrT66wsbDrdaejAHKE1khUCYiF3mWNbFF1Ie/6A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=KokS0Q2bw7mICU+DNiRY616Xz0hbrYCh5LKrpVcMg21EOIGeFOxFGcaU/Is9/nOBAy27Y0FKuV41ekJYYPsIqieJseYTN+q0I8mrLPAhcuDl9R9n6GUwx6ijTwIN1xQYziV1x/bJLXmwPjbB83VNPG98oYai2q6PlYFtZB/TMUA= Received: by 10.114.57.1 with SMTP id f1mr2018waa.1176682783693; Sun, 15 Apr 2007 17:19:43 -0700 (PDT) Received: by 10.115.95.19 with HTTP; Sun, 15 Apr 2007 17:19:43 -0700 (PDT) Message-ID: Date: Mon, 16 Apr 2007 12:19:43 +1200 From: "Juha Saarinen" To: "Bill Moran" In-Reply-To: <20070415200255.18e6ab3f.wmoran@potentialtech.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20070415200255.18e6ab3f.wmoran@potentialtech.com> Cc: questions@freebsd.org Subject: Re: Defending against SSH attacks with pf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Apr 2007 00:19:46 -0000 On 4/16/07, Bill Moran wrote: > > There was some discussion on this list not too long ago, and someone > asked if I was willing to make my pf config and the associated scripts > I wrote for it public. I would have posted on the original thread, > but I can't find it now. > > Here is the information: > http://www.potentialtech.com/cms/node/16 Useful, but the bots have started to use longer intervals between connection attempts now. The intervals are not yet randomised though. $ sudo pfctl -t sshbrute -T show | wc 234 234 4023 Ugh. That's in just under two months. -- Juha http://www.geekzone.co.nz/juha