Date: Mon, 26 May 2008 18:31:39 +0200 From: peter@bsdly.net (Peter N. M. Hansteen) To: freebsd-pf@freebsd.org Subject: Re: auto-blackholing/blacklisting on multiple hacking attempts Message-ID: <87mymdm3h0.fsf@thingy.bsdly.net> In-Reply-To: <abc784790805251820x62a763aem67d262b1a103f41c@mail.gmail.com> (John .'s message of "Mon, 26 May 2008 02:20:45 %2B0100") References: <abc784790805251820x62a763aem67d262b1a103f41c@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"John ." <comp.john@googlemail.com> writes: > I'd like it to be so that if an IP tries to connect to sshd more than > once in a 30 second period, that they are immediately blackholed. > Should I be using pf for this or would it be done better in some other > utility? PF offers a very flexible mechanism for that, via state tracking options. See eg http://home.nuug.no/~peter/pf/en/bruteforce.html for a walkthrough. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87mymdm3h0.fsf>