From: Adam Stroud
Date: Tue, 11 Apr 2006 23:36:29 -0400
Cc: freebsd-stable@freebsd.org
Subject: Re: bruteforce

I have been using pf (on an OpenBSD box) to automatically block offending IP addresses using pf and it seems to work well for me. Basically when an attacker tries to connect x number of times in y minutes, I have the firewall set up to block them automatically. Works like a charm.

A

Patrick Tracanelli wrote:
> Jordan Sissel wrote:
>> On 4/11/06, Daniel Gerzo wrote:
>>
>>> Hello Dmitriy,
>>>
>>> Tuesday, April 11, 2006, 7:04:37 PM, you typed the following:
>>>
>>>> On Tue, Apr 11, 2006 at 10:58:48AM +0200, Matteo 'egon' Baldi wrote:
>>>>
>>>>> Hi, I'm trying to find a solution to bruteforce attack, mostly on
>>>>> port 22, without moving services on different ports.
>>>>
>>>> try to use
>>>> /usr/ports/security/sshit
>>>
>>> maybe security/bruteforceblocker
>>
>> If you're looking for something with a more generalized approach,
>> check out sysutils/grok. It comes with examples that block brute
>> force efforts, and can do much more.
>
> Doesn't open sshd itself have a feature which blocks or imposes a delay
> upon a number of failed logins from the same address?
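
A pf.conf fragment showing the kind of rule the message above describes, "x connections in y minutes, then block". This is an added example, not the poster's actual configuration; the interface name, the table names, the trusted address and the thresholds (3 new connections per 60 seconds, 10 concurrent) are all assumptions to adjust.

```conf
# Constructed example values: change the interface, address and thresholds.
ext_if = "em0"

# Admin source that must never be locked out (192.0.2.10 is a
# documentation address used here as a placeholder).
table <trusted_admin> const { 192.0.2.10 }

# Offenders are added here by the overload action below.
# "persist" keeps the table in place even when it is empty.
table <bruteforce> persist

# Drop everything from sources already in the table.
block in quick on $ext_if from <bruteforce>

# Trusted source bypasses the rate limit.
pass in quick on $ext_if inet proto tcp from <trusted_admin> \
    to ($ext_if) port ssh flags S/SA keep state

# Everyone else: a source that opens more than 3 connections in 60
# seconds, or holds more than 10 at once, is moved into <bruteforce>.
# "flush global" also kills the states that source already has.
pass in on $ext_if inet proto tcp from any \
    to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/60, \
     overload <bruteforce> flush global)
```

The limits count completed TCP connections to the port, not failed logins, so legitimate clients that reconnect quickly can trip them. `pfctl -t bruteforce -T show` lists the blocked addresses, and `pfctl -t bruteforce -T expire 86400` removes entries older than a day on pfctl versions that support `-T expire`.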