Date: Sat, 19 Aug 2006 14:31:58 -0700 (PDT)
From: Lyndon Nerenberg <lyndon@orthanc.ca>
To: Pieter de Boer <pieter@thedarkside.nl>
Cc: freebsd-security@freebsd.org
Subject: Re: SSH scans vs connection ratelimiting
Message-ID: <20060819142846.N45201@orthanc.ca>
In-Reply-To: <44E76B21.8000409@thedarkside.nl>
References: <44E76B21.8000409@thedarkside.nl>

Take a look at /usr/ports/security/bruteforceblocker. It monitors the system log for failed ssh logins, and blocks the sites via pf. It's reasonably configurable, and works very well. I've been running it for months without trouble. Note that it lets you whitelist specific hosts to prevent against someone DOSing you by forging your IP address.

--lyndon
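The approach the message describes (count failed ssh logins per source in the system log, skip whitelisted hosts, add the rest to a pf table) can be sketched as follows. This is an added example, not code from the message or from bruteforceblocker; the log line format, the threshold, the whitelist range and the table name `ssh_blocked` are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Anchored on the trailing "from ADDR port N", so text inside the user-name
# field is never taken as the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+( ssh2)?$")

WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24",)]  # assumed trusted range
THRESHOLD = 3           # assumed: failures before a source is blocked
TABLE = "ssh_blocked"   # hypothetical pf table name

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Aug 19 14:01:02 host sshd[811]: Failed password for root from 203.0.113.7 port 4411 ssh2
Aug 19 14:01:04 host sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 4412 ssh2
Aug 19 14:01:06 host sshd[815]: Failed password for invalid user test from 203.0.113.7 port 4413 ssh2
Aug 19 14:01:09 host sshd[817]: Failed password for lyndon from 192.0.2.10 port 5000 ssh2
Aug 19 14:01:10 host sshd[818]: Failed password for lyndon from 192.0.2.10 port 5001 ssh2
Aug 19 14:01:11 host sshd[819]: Failed password for lyndon from 192.0.2.10 port 5002 ssh2
Aug 19 14:01:12 host sshd[820]: Accepted publickey for lyndon from 198.51.100.5 port 6000 ssh2
Aug 19 14:01:13 host sshd[821]: Failed password for bob from 198.51.100.9 port 6001 ssh2
Aug 19 14:01:14 host sshd[822]: Failed password for invalid user x from 203.0.113.99 port 22 from 198.51.100.9 port 6002 ssh2
"""

def hosts_to_block(log_text, whitelist=WHITELIST, threshold=THRESHOLD):
    """Return sources with at least `threshold` failures, minus whitelisted ones."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address literal; never hand it to pfctl
        if any(addr in net for net in whitelist):
            continue  # a whitelisted host is never blocked, whatever the log says
        failures[addr] += 1
    return sorted(str(a) for a, n in failures.items() if n >= threshold)

def pfctl_commands(addrs, table=TABLE):
    """Build argv lists (no shell involved) that add each address to the pf table."""
    return [["pfctl", "-t", table, "-T", "add", a] for a in addrs]

if __name__ == "__main__":
    for cmd in pfctl_commands(hosts_to_block(SAMPLE_LOG)):
        print(" ".join(cmd))
```

The whitelist check runs before counting, so the three failures logged for 192.0.2.10 never produce a block, which is the protection against forged-source lockout that the message points out.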