Date: Sun, 25 May 2008 19:24:48 -0700 From: Jeremy Chadwick <koitsu@FreeBSD.org> To: "John ." <comp.john@googlemail.com> Cc: freebsd-pf@freebsd.org Subject: Re: auto-blackholing/blacklisting on multiple hacking attempts Message-ID: <20080526022448.GA47206@eos.sc1.parodius.com> In-Reply-To: <abc784790805251820x62a763aem67d262b1a103f41c@mail.gmail.com> References: <abc784790805251820x62a763aem67d262b1a103f41c@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 26, 2008 at 02:20:45AM +0100, John . wrote: > I see this, for example, in my auth log: > > May 15 02:00:39 www sshd[9180]: Invalid user web from 201.18.232.30 > > I'd like it to be so that if an IP tries to connect to sshd more than > once in a 30 second period, that they are immediately blackholed. > Should I be using pf for this or would it be done better in some other > utility? ports/security/sshguard-pf ports/security/blocksshd -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080526022448.GA47206>