Date: Tue, 25 Aug 2009 17:13:27 +0200
From: peter@bsdly.net (Peter N. M. Hansteen)
To: freebsd-pf@freebsd.org
Subject: Re: something like bruteblock for pf?
Message-ID: <87eir0sz8o.fsf@thingy.bsdly.net>
In-Reply-To: <a2b6592c0908221807q24e7f54aka75b561debca63eb@mail.gmail.com> (Igor Mozolevsky's message of "Sun, 23 Aug 2009 02:07:23 +0100")
References: <a2b6592c0908221807q24e7f54aka75b561debca63eb@mail.gmail.com>
Igor Mozolevsky <mozolevsky@gmail.com> writes:

>> I've used bruteblock, which manages ipfw, for blocking SMTP attackers and reducing smtp connects by 10s of 1000s per day.
>
> [snip]
>
>> Anybody know of anything similar for pf?
>
> http://www.bgnett.no/~peter/pf/en/spamd.setup.html

OP more likely wants something like state tracking with overload tables, ie http://home.nuug.no/~peter/pf/en/bruteforce.html or similar (yes, please update your bookmarks to point to the nuug site, the bgnett one is getting stale).

It's worth noting that the overload tables method is not limited to specific services as long as you can dream up sensible criteria and some useful action to take on the hosts that end up in the overload list.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
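
A pf.conf sketch of the state-tracking-with-overload-tables approach named in the message above, applied to the SMTP case from the original question. This is an added example, not part of the original message or the linked tutorial; the interface name, server address, table name and thresholds are assumptions to be tuned per site.

```conf
# Constructed example: macro values, table name and limits are assumptions.
ext_if = "em0"               # assumed external interface
mail_server = "192.0.2.25"   # documentation address (RFC 5737), not a real host

# Table that collects hosts exceeding the limits below. "persist" keeps
# the table around even while no rule refers to it.
table <smtp_abusers> persist

# Hosts already in the overload table are dropped before any pass rule
# is evaluated ("quick" stops rule processing on match).
block in quick on $ext_if from <smtp_abusers>

# Per-source state tracking for inbound SMTP:
#   max-src-conn 10        at most 10 simultaneous connections per source
#   max-src-conn-rate 5/60 at most 5 new connections per 60 seconds per source
#   overload <table>       sources exceeding either limit go into the table
#   flush global           kill all existing states from the offending source
pass in on $ext_if inet proto tcp from any to $mail_server port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <smtp_abusers> flush global)
```

`pfctl -t smtp_abusers -T show` lists the hosts currently in the table, and `pfctl -t smtp_abusers -T expire 86400` removes entries older than a day so that the list does not grow without bound.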
