From: Todor Dragnev
To: freebsd-isp@freebsd.org
Date: Tue, 19 Jul 2005 22:12:52 +0300
Subject: ssh brute force

Hello,

This email may not be for this mailing list, but more and more ISPs have trouble with this problem. I want to block ssh dictionary attacks with FreeBSD.

I found a nice solution with iptables for Linux:

    iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK FIN,ACK --dport 22 -m recent --name sshattack --set
    iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST --dport 22 -m recent --name sshattack --set
    iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: '
    iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j DROP

Is it possible to do it this way with ipfw, ipf or pf on FreeBSD?

Regards,
Todor Dragnev

-- 
There are no answers, only cross references
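
A pf.conf fragment that applies the same 4-per-60-seconds threshold as the iptables rules in the message above, added here as an example and not part of the original post. It is not an exact translation: pf counts new connections per source address, where the iptables rules count connections that close with FIN or RST. The interface name `em0` is an assumption, the table name `sshattack` is borrowed from the iptables `--name`, and the fragment assumes a pf version that supports `max-src-conn-rate` and `overload`.

```conf
# Added example, not from the original post.
# Assumption: em0 is the external interface.
ext_if = "em0"

# Sources that exceeded the connection rate are collected here.
# "persist" keeps the table even when no rule currently references it.
table <sshattack> persist

# Drop and log everything from a listed source. This mirrors the final
# iptables DROP rule, which has no --dport match and so drops all input
# from the offending address.
block in log quick on $ext_if from <sshattack>

# Allow SSH, tracking state per source address.
#   max-src-conn-rate 4/60  at most 4 new connections per 60 seconds
#   overload <sshattack>    add a source that exceeds the rate to the table
#   flush global            kill the states that source already holds
pass in on $ext_if proto tcp from any to any port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 4/60, overload <sshattack> flush global)
```

Unlike the iptables `recent` match, which stops matching once 60 seconds pass without four hits, an address stays in the pf table until it is removed, for example with `pfctl -t sshattack -T expire 60` run periodically on pfctl versions that provide `-T expire`. Blocked packets logged by the `block in log` rule appear on the `pflog0` interface.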