Date: Wed, 20 Jul 2005 12:36:22 -0500 From: Bob Martin <bob@buckhorn.net> To: Buki <freebsd@dev.null.cz> Cc: freebsd-isp@freebsd.org, Todor Dragnev <todor.dragnev@gmail.com> Subject: Re: ssh brute force Message-ID: <42DE8B96.3080409@buckhorn.net> In-Reply-To: <20050720093234.GX12896@dev.null.cz> References: <f72a639a050719121244719e22@mail.gmail.com> <20050720093234.GX12896@dev.null.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Has no effect on these attacks. They only start one at a time. Bob Martin Buki wrote: > On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote: > >>Hello, > > > Hi, > > >>This email may be is not for this mailing list, but with this problem >>more and more ISP have troubles. I want to block ssh dictionary attack >>with freebsd. I found nice solution with iptables for linux: >> >>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK >>FIN,ACK --dport 22 -m recent --name sshattack --set >> >>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST >>--dport 22 -m recent --name sshattack --set >> >>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 >>--hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: ' >> >>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 >>--hitcount 4 -j DROP >> >>Is it posible to make in this way with ipfw, ipf or pf on freebsd ? > > > what about MaxStartups option in sshd_config? > > >>Regards, >>Todor Dragnev >>-- >>There are no answers, only cross references >>_______________________________________________ >>freebsd-isp@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > Buki
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42DE8B96.3080409>