Date: Fri, 05 Mar 2010 18:51:42 +0100 From: Matthias Fechner <idefix@fechner.net> To: freebsd-questions@freebsd.org Subject: Re: Thousands of ssh probes Message-ID: <4B9144AE.8070909@fechner.net> In-Reply-To: <20100305171003.GA18881@elwood.starfire.mn.org> References: <20100305125446.GA14774@elwood.starfire.mn.org> <4B910139.1080908@joseph-a-nagy-jr.us> <20100305132604.GC14774@elwood.starfire.mn.org> <F4960422-5F59-4FF4-A2E4-1F0A4772B78B@olivent.com> <20100305154439.GA17456@elwood.starfire.mn.org> <4B912ADC.1040802@infracaninophile.co.uk> <4B91375A.4020503@fechner.net> <4B913983.30900@infracaninophile.co.uk> <20100305171003.GA18881@elwood.starfire.mn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Am 05.03.2010 18:10, schrieb John: > I have just switched to pf from ipfw, so I am still learning the > nuances and style points. I switched now to security/sshguard-pf. It works perfectly and blocks also via pf. Blocking is working there with: table <sshguard> persist block in log quick proto tcp from <sshguard> to any label "ssh bruteforce" probability 85% So I let 15% of the pakets through in the hope that will slow down this brute force attacks and I can protect in this step other hosts. Hopefully the attacker keeps then longer in my tarpit. Bye Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B9144AE.8070909>