Date: Thu, 21 Jul 2005 12:51:47 +1200 (NZST) From: Andrew McNaughton <andrew@scoop.co.nz> To: Chris Buechler <cbuechler@gmail.com> Cc: freebsd-isp@freebsd.org, Chris Jones <cdjones@novusordo.net>, Todor Dragnev <todor.dragnev@gmail.com> Subject: Re: ssh brute force Message-ID: <20050721124837.M5699@a2.scoop.co.nz> In-Reply-To: <d64aa176050720174322ebc621@mail.gmail.com> References: <f72a639a050719121244719e22@mail.gmail.com> <42DEAE1F.8000702@novusordo.net> <d64aa176050720174322ebc621@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 20 Jul 2005, Chris Buechler wrote: > On 7/20/05, Chris Jones <cdjones@novusordo.net> wrote: >> >> I'm looking at having a script look at SSH's log output for repeated >> failed connection attempts from the same address, and then blocking that >> address through pf (I'm not yet sure whether I want to do it temporarily >> or permanently). Make it temporary. Maybe three hours after 3 successive failures. just slowing down connections is enough to make brute force impractical. Andrew ------------------------------------------------------------------- Andrew McNaughton http://www.scoop.co.nz/ andrew@scoop.co.nz Mobile: +61 422 753 792 -- Of all forms of caution, caution in love is the most fatal -- pgp encrypted mail welcome keyid: 70F6C32D keyserver: pgp.mit.edu 5688 2396 AA81 036A EBAC 2DD4 1BEA 7975 A84F 6686
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050721124837.M5699>