Date: Tue, 11 Apr 2006 21:35:08 -0400
From: Jonathan Franks <daemon@taconic.net>
To: Chris Maness <chris@chrismaness.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: How to Stop Bruit Force ssh Attempts?
Message-ID: <894280FF-CB83-4EEA-9CAD-422A34068354@taconic.net>
In-Reply-To: <441C45BA.1030106@chrismaness.com>
References: <441C45BA.1030106@chrismaness.com>

On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:

> In my auth log I see a lot of brute force attempts to login via
> ssh. Is there a way I can have the box automatically kill any
> tcp/ip connectivity to hosts that try and fail a given number of
> times? Is there a port or something that I can install to give
> this kind of protection? I'm still kind of a FreeBSD newbie.

If you are using PF, you can use source tracking to drop the offenders into a table... perhaps after a certain number of attempts in a given time (say, 5 in a minute). Once you have the table you're in business... you can block based on it... and then set up a cron job to copy the table to disk every so often (perhaps once every two minutes). It works very well for me, YMMV.

If you don't want to block permanently, you could use cron to flush the table every so often too... I don't bother though.

-Jonathan