Date: Wed, 20 Jul 2005 11:32:34 +0200 From: Buki <freebsd@dev.null.cz> To: Todor Dragnev <todor.dragnev@gmail.com> Cc: freebsd-isp@freebsd.org Subject: Re: ssh brute force Message-ID: <20050720093234.GX12896@dev.null.cz> In-Reply-To: <f72a639a050719121244719e22@mail.gmail.com> References: <f72a639a050719121244719e22@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote: > Hello, Hi, > This email may be is not for this mailing list, but with this problem > more and more ISP have troubles. I want to block ssh dictionary attack > with freebsd. I found nice solution with iptables for linux: > > iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK > FIN,ACK --dport 22 -m recent --name sshattack --set > > iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST > --dport 22 -m recent --name sshattack --set > > iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 > --hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: ' > > iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 > --hitcount 4 -j DROP > > Is it posible to make in this way with ipfw, ipf or pf on freebsd ? what about MaxStartups option in sshd_config? > > Regards, > Todor Dragnev > -- > There are no answers, only cross references > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" Buki -- PGP public key: http://dev.null.cz/buki.asc /"\ \ / ASCII Ribbon Campaign X Against HTML & Outlook Mail / \ http://www.thebackrow.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050720093234.GX12896>