From: Buki
Date: Wed, 20 Jul 2005 11:32:34 +0200
To: Todor Dragnev
Cc: freebsd-isp@freebsd.org
Subject: Re: ssh brute force
Message-ID: <20050720093234.GX12896@dev.null.cz>

On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote:
> Hello,

Hi,

> This email may be is not for this mailing list, but with this problem
> more and more ISP have troubles. I want to block ssh dictionary attack
> with freebsd. I found nice solution with iptables for linux:
>
> iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK FIN,ACK --dport 22 -m recent --name sshattack --set
>
> iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST --dport 22 -m recent --name sshattack --set
>
> iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: '
>
> iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j DROP
>
> Is it possible to make in this way with ipfw, ipf or pf on freebsd?

what about MaxStartups option in sshd_config?

>
> Regards,
> Todor Dragnev

Buki
-- 
PGP public key: http://dev.null.cz/buki.asc
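
Added example, not part of the thread or written by either poster: a small Python model that contrasts the per-source window of the quoted `recent` rules (4 hits in 60 seconds) with the `start:rate:full` ramp of `MaxStartups` described in sshd_config(5). The class and function names, the `10:30:60` values, the sample events, and the simplification of one hit per closed connection are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60     # --seconds 60
HITCOUNT = 4    # --hitcount 4

class RecentList:
    """Per-source hit list modelled on `-m recent --name sshattack`."""

    def __init__(self):
        self.hits = defaultdict(deque)

    def set(self, src, now):
        # --set: record a hit (assumption: one hit per closed SSH connection)
        self.hits[src].append(now)

    def rcheck(self, src, now):
        # --rcheck: true when src has >= HITCOUNT hits younger than WINDOW
        q = self.hits[src]
        while q and now - q[0] >= WINDOW:
            q.popleft()
        return len(q) >= HITCOUNT

def replay(events):
    """Return the sources the DROP rule would have matched at least once."""
    recent, blocked = RecentList(), set()
    for now, src in sorted(events):
        recent.set(src, now)
        if recent.rcheck(src, now):
            blocked.add(src)
    return blocked

def maxstartups_refuse_percent(unauth, start=10, rate=30, full=60):
    """Chance (percent) that sshd refuses a new connection, following the
    start:rate:full ramp in sshd_config(5). `unauth` counts unauthenticated
    connections from all sources together; it is not tracked per address."""
    if unauth < start:
        return 0
    if unauth >= full:
        return 100
    return rate + (100 - rate) * (unauth - start) // (full - start)

# Constructed sample: (seconds, source) per closed SSH connection.
EVENTS = [(t, "192.0.2.10") for t in range(0, 30, 5)] + [
    (0, "198.51.100.7"), (200, "198.51.100.7"), (400, "198.51.100.7")]

if __name__ == "__main__":
    print("blocked by recent-style rule:", replay(EVENTS))
    for n in (5, 10, 35, 60):
        print(n, "unauthenticated ->", maxstartups_refuse_percent(n), "% refused")
```

The model shows the practical difference: the `recent` rules single out the one address that reconnects rapidly, while `MaxStartups` throttles every new connection once the total number of unauthenticated sessions grows, whichever address opened them.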