From: Bob Martin
Date: Wed, 20 Jul 2005 12:36:22 -0500
To: Buki
Cc: freebsd-isp@freebsd.org, Todor Dragnev
Subject: Re: ssh brute force
Message-ID: <42DE8B96.3080409@buckhorn.net>
In-Reply-To: <20050720093234.GX12896@dev.null.cz>

Has no effect on these attacks. They only start one at a time.

Bob Martin

Buki wrote:
> On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote:
>
>>Hello,
>
> Hi,
>
>>This email may not be for this mailing list, but more and more ISPs
>>have trouble with this problem. I want to block ssh dictionary attacks
>>with FreeBSD. I found a nice solution with iptables for Linux:
>>
>>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK FIN,ACK --dport 22 -m recent --name sshattack --set
>>
>>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST --dport 22 -m recent --name sshattack --set
>>
>>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: '
>>
>>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j DROP
>>
>>Is it possible to do it this way with ipfw, ipf or pf on FreeBSD?
>
> What about the MaxStartups option in sshd_config?
>
>>Regards,
>>Todor Dragnev
>>--
>>There are no answers, only cross references
>
> Buki
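
Added example, not part of the thread: a simplified Python model of the two mechanisms discussed above, run over constructed connection data. It compares what MaxStartups limits (connections open at the same time) with what the quoted `-m recent` rules count (connection closes per source within 60 seconds); the addresses, timings and function names are assumptions, and only new connections are modelled as being dropped.

```python
from collections import Counter, defaultdict

ATTACKER, ADMIN = "203.0.113.7", "198.51.100.20"   # documentation addresses
# Constructed sample, (open_s, close_s, source): the attacker makes one short
# connection every 5 s, never two at once; the admin holds one long session.
ATTEMPTS = [(5 * i, 5 * i + 3, ATTACKER) for i in range(20)] + [(10, 70, ADMIN)]

def peak_concurrent(attempts):
    """Most connections open at once: an upper bound on the number of
    unauthenticated connections, which is what MaxStartups limits."""
    edges = sorted([(o, 1) for o, _, _ in attempts] + [(c, -1) for _, c, _ in attempts])
    peak = cur = 0
    for _, step in edges:
        cur += step
        peak = max(peak, cur)
    return peak

def recent_filter(attempts, seconds=60, hitcount=4):
    """Model of the quoted `-m recent` rules: every close (FIN,ACK or RST) of an
    accepted connection records a hit for its source; a new connection is dropped
    while the source has >= hitcount hits in the last `seconds`."""
    closes = defaultdict(list)
    accepted, dropped = Counter(), Counter()
    for t_open, t_close, src in sorted(attempts):
        hits = [c for c in closes[src] if t_open - seconds < c <= t_open]
        if len(hits) >= hitcount:
            dropped[src] += 1          # dropped SYN: no session, so no new hit
        else:
            accepted[src] += 1
            closes[src].append(t_close)
    return accepted, dropped

if __name__ == "__main__":
    print("peak concurrent (attacker only):",
          peak_concurrent([a for a in ATTEMPTS if a[2] == ATTACKER]))
    accepted, dropped = recent_filter(ATTEMPTS)
    print("accepted:", dict(accepted), "dropped:", dict(dropped))
```

On this sample the attacker never has more than one connection open, so a concurrency cap never triggers, while the per-source close counter drops 12 of the 20 attempts and leaves the admin session untouched.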