Date: Tue, 14 Nov 2006 08:37:32 +0100 From: peter@bgnett.no (Peter N. M. Hansteen) To: freebsd-questions@freebsd.org Subject: Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong? Message-ID: <8764di7a2r.fsf@thingy.datadok.no> In-Reply-To: <4558D2A3.50904@locolomo.org> (Erik Norgaard's message of "Mon, 13 Nov 2006 21:16:35 %2B0100") References: <4558D2A3.50904@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Erik Norgaard <norgaard@locolomo.org> writes: > Honestly, I wouldn't worry about it: review your config and make some > simple choices to reduce the noise, see this article: One other noise reduction method which is really easy to implement is to use pf and write arule set which to uses the overload feature, see eg http://home.nuug.no/~peter/pf/en/bruteforce.html (part of my EuroBSDCon and other places tutorial). See http://home.nuug.no/~peter/pf/ for a choice of formats and languages. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales" 20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8764di7a2r.fsf>