From owner-freebsd-pf@FreeBSD.ORG Mon May 26 02:54:24 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5C51310656AB for ; Mon, 26 May 2008 02:54:24 +0000 (UTC) (envelope-from lyndon@orthanc.ca) Received: from orthanc.ca (orthanc.ca [216.40.124.68]) by mx1.freebsd.org (Postfix) with ESMTP id E33A68FC15 for ; Mon, 26 May 2008 02:54:23 +0000 (UTC) (envelope-from lyndon@orthanc.ca) Received: from peregrin.wbb.net.cable.rogers.com (peregrin.wbb.net.cable.rogers.com [74.210.92.116]) (authenticated bits=0) by orthanc.ca (8.14.2/8.14.2) with ESMTP id m4Q2J75M084406; Sun, 25 May 2008 19:19:08 -0700 (PDT) (envelope-from lyndon@orthanc.ca) Message-Id: From: Lyndon Nerenberg To: "John ." In-Reply-To: Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v919.2) Date: Sun, 25 May 2008 19:19:06 -0700 References: X-Mailer: Apple Mail (2.919.2) X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=failed version=3.2.3 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on orthanc.ca Cc: freebsd-pf@freebsd.org Subject: Re: auto-blackholing/blacklisting on multiple hacking attempts X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 May 2008 02:54:24 -0000 > > I'd like it to be so that if an IP tries to connect to sshd more than > once in a 30 second period, that they are immediately blackholed. > Should I be using pf for this or would it be done better in some other > utility? /usr/ports/security/bruteforceblocker.