Date: Tue, 11 Apr 2006 21:12:22 -0700 From: Chris Maness <chris@chrismaness.com> To: Jonathan Franks <daemon@taconic.net> Cc: freebsd-questions@freebsd.org Subject: Re: How to Stop Bruit Force ssh Attempts? Message-ID: <443C7E26.2000803@chrismaness.com> In-Reply-To: <894280FF-CB83-4EEA-9CAD-422A34068354@taconic.net> References: <441C45BA.1030106@chrismaness.com> <894280FF-CB83-4EEA-9CAD-422A34068354@taconic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jonathan Franks wrote: > > On Mar 18, 2006, at 12:39 PM, Chris Maness wrote: > >> In my auth log I see alot of bruit force attempts to login via ssh. >> Is there a way I can have the box automatically kill any tcp/ ip >> connectivity to hosts that try and fail a given number of times? Is >> there a port or something that I can install to give this kind of >> protection. I'm still kind of a FreeBSD newbie. > > > If you are using PF, you can use source tracking to drop the > offenders in to a table... perhaps after a certain number of attempts > in a given time (say, 5 in a minute). Once you have the table you're > in business... you can block based on it... and then set up a cron > job to copy the table to disk every so often (perhaps once every two > minutes). It works very well for me, YMMV. > > If you don't want to block permanently, you could use cron to flush > the table every so often too... I don't bother though. > > -Jonathan I use a port called DenyHost. It adds an entry to hosts.allow that denies access.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?443C7E26.2000803>