From owner-freebsd-isp@FreeBSD.ORG Wed Jul 20 20:03:46 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E9DC416A41F for ; Wed, 20 Jul 2005 20:03:46 +0000 (GMT) (envelope-from cdjones@novusordo.net) Received: from correo.novusordo.net (cdjj.org [216.194.85.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id A62B243D45 for ; Wed, 20 Jul 2005 20:03:46 +0000 (GMT) (envelope-from cdjones@novusordo.net) Received: from [127.0.0.1] (cdjj.org [216.194.85.7]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by correo.novusordo.net (Postfix) with ESMTP id 919AD14352; Wed, 20 Jul 2005 14:03:45 -0600 (MDT) Message-ID: <42DEAE1F.8000702@novusordo.net> Date: Wed, 20 Jul 2005 14:03:43 -0600 From: Chris Jones User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Todor Dragnev References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jul 2005 20:03:47 -0000 Todor Dragnev wrote: >I want to block ssh dictionary attack with freebsd. >[...] >Is it posible to make in this way with ipfw, ipf or pf on freebsd ? > > I'm looking at having a script look at SSH's log output for repeated failed connection attempts from the same address, and then blocking that address through pf (I'm not yet sure whether I want to do it temporarily or permanently).