Date: Sat, 8 Apr 2023 16:40:07 +0200 (CEST) From: freebsd@oldach.net (Helge Oldach) To: bofh@freebsd.org (Moin Rahman) Cc: ports@freebsd.org, pete@nomadlogic.org Subject: Re: security/portsentry removal Message-ID: <202304081440.338Ee79H007421@nuc.oldach.net> In-Reply-To: <23E20653-1D31-40F6-91DA-3797475379E1@freebsd.org> from Moin Rahman at "8 Apr 2023 16:16:33"
next in thread | previous in thread | raw e-mail | index | archive | help
Moin Rahman wrote on Sat, 08 Apr 2023 16:16:33 +0200 (CEST): > > On Apr 8, 2023, at 3:55 PM, Pete Wright <pete@nomadlogic.org> wrote: > > would blacklistd(8) meet your requirements? i use it to block ssh login spammers with decent success. its part of the base system as well, but does require pf. blacklistd(8) works nicely with ipfw as well: Touch /etc/ipfw-blacklist.rc > blacklistd is a good product as it's available out of the box however from my experience fail2ban does a better job. So far I recall blacklistd is supported only by ssh and postfix. and sendmail. > One more thing is blacklistd does not detect brute for attack of invalid users in ssh. It's effectively a massive slow-down of such attacks - same logic as fail2ban. What it doesn't do (and that's the original request) is listen to non open ports. I wonder why that would provide anything useful though. Kind regards Helge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202304081440.338Ee79H007421>