From: Daniel Gerzo
Organization: The FreeBSD Project
To: Jeremy Chadwick
Cc: freebsd-hackers@FreeBSD.org, Rich Healey
Date: Tue, 30 Sep 2008 17:09:33 +0200
Subject: Re: SSH Brute Force attempts
Message-ID: <33bf69ba4e07a4aea346fc25f7939bc7@services.rulez.sk>
In-Reply-To: <20080930033033.GA35849@icarus.home.lan>
References: <48E16E93.3090601@gmail.com> <20080930033033.GA35849@icarus.home.lan>

Hello guys,

On Mon, 29 Sep 2008 20:30:33 -0700, Jeremy Chadwick wrote:
> On Tue, Sep 30, 2008 at 10:10:59AM +1000, Rich Healey wrote:
>> Recently I'm getting a lot of brute force attempts on my server, in the
>> past I've used various tips and tricks with linux boxes but many of them
>> were fairly linux specific.
>>
>> What do you BSD guys use for this purpose?
>
> This probably should've gone to -security, correct.
>
> There are 3 ports which people often use for solving this:
>
> ports/security/blocksshd
> ports/security/sshblock
> ports/security/sshguard-(pf|ipfw|ipfilter)

There's also a tool written by me which can be found in
security/bruteforceblocker - you may read a bit about it on
http://danger.rulez.sk/index.php/bruteforceblocker/.

The official release currently works only with pf, but I know there's a
person working towards porting it to ipf/ipfw. He recently ported it to
iptables and added CIDR support for whitelists, but I haven't had time
to review his changes; however, once I get to it I will release a new
version.

-- 
Best regards
  Daniel Geržo