SSH Brute Force attempts

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Sep 30 15:07:32 UTC 2008


Oliver Fromme wrote:
| Ollivier Robert <> wrote:
|  > According to Henrik Hudson:
|  > > Yeap, -security
|  > > 
|  > > However, also try this in pf.conf (specific rules related to this; you'll need 
|  > > more for a real pf.conf):
|  > > 
|  > > table <badguys> { } persist
|  > > block in quick from <badguys>
|  > > pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state 
|  > > (max-src-conn 5, max-src-conn-rate 4/300, overload <badguys> flush global)
|  > 
|  > That one is very effective.
| 
| It's especially effective at enabling someone to DoS you.
| An attacker simply has to spoof the source address
| on SYN packets, which is trivial.  :-(

Adding a whitelist of ssh addresses that should never be blocked is equally
trivial...

But, like the perl folk say: TIMTOWTDI.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       Flat 3
                                                      7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW, UK
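Added example (not from anyone in the thread): the overload rules quoted above combined with a whitelist table, so that a spoofed-SYN flood against the rate limiter cannot lock out trusted SSH sources. The interface name, the addresses and the path /etc/pf.ssh_trusted are assumed placeholders.

```pf
# Added example, not the thread's own pf.conf. $ext_if, the addresses and the
# table file are placeholders; replace them with real values.
ext_if = "em0"

# Sources that must never be blocked. Keep them in a file (one address or
# prefix per line) so the list survives reloads without editing pf.conf.
table <ssh_trusted> persist file "/etc/pf.ssh_trusted"
table <badguys> persist

# The whitelist rule comes first and is 'quick': evaluation stops here for a
# trusted source, so it is never rate-limited, never added to <badguys>, and
# never reaches the block rule below even if it was spoofed into the table.
pass in quick on $ext_if proto tcp from <ssh_trusted> to ($ext_if) port ssh \
    keep state

# Everyone else gets the limits from the thread. 'flush global' kills every
# state from an overloading source, which is exactly why the whitelist must be
# matched before this rule rather than after it.
block in quick from <badguys>
pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state \
    (max-src-conn 5, max-src-conn-rate 4/300, overload <badguys> flush global)

# Entries added by 'overload' are never removed by pf itself; age them out
# periodically, e.g. from cron:  pfctl -t badguys -T expire 86400
```

Without the expire step the table only grows, and a spoofing attacker can fill it with addresses that were never theirs.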


More information about the freebsd-hackers mailing list