ssh brute force

Andrew McNaughton andrew at
Thu Jul 21 00:51:54 GMT 2005

On Wed, 20 Jul 2005, Chris Buechler wrote:

> On 7/20/05, Chris Jones <cdjones at> wrote:
>> I'm looking at having a script look at SSH's log output for repeated
>> failed connection attempts from the same address, and then blocking that
>> address through pf (I'm not yet sure whether I want to do it temporarily
>> or permanently).

Make it temporary.  Maybe three hours after 3 successive failures.  Just 
slowing down connections is enough to make brute force impractical.


Andrew McNaughton 
andrew at          Mobile: +61 422 753 792

Of all forms of caution, caution in love is the most fatal
pgp encrypted mail welcome
keyid: 70F6C32D      keyserver:
5688 2396 AA81 036A EBAC 2DD4 1BEA 7975 A84F 6686
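
The temporary block suggested in this message (three hours after 3 successive failures from one address), sketched as an added example that is not code from the thread. The pf table name, the OpenSSH syslog line format, the log year and the sample log lines are assumptions constructed for illustration; the function returns the pfctl commands it would issue instead of running them.

```python
import re
from datetime import datetime, timedelta

TABLE = "ssh_bruteforce"          # assumed pf table name
MAX_FAILURES = 3                  # successive failures before blocking
BLOCK_FOR = timedelta(hours=3)    # temporary block length
# Assumed OpenSSH syslog format; the address is limited to IP characters so
# nothing else from the log can end up inside a pfctl command.
LINE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?\S+ "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+")
P = "ssh2"
SAMPLE_LOG = [  # constructed log lines, documentation addresses only
    f"Jul 20 10:00:01 gw sshd[4101]: Failed password for root from 203.0.113.5 port 40001 {P}",
    f"Jul 20 10:00:03 gw sshd[4102]: Failed password for invalid user admin from 203.0.113.5 port 40002 {P}",
    f"Jul 20 10:00:04 gw sshd[4103]: Failed password for alice from 198.51.100.7 port 51000 {P}",
    f"Jul 20 10:00:05 gw sshd[4104]: Failed password for alice from 198.51.100.7 port 51001 {P}",
    f"Jul 20 10:00:06 gw sshd[4105]: Accepted password for alice from 198.51.100.7 port 51002 {P}",
    f"Jul 20 10:00:07 gw sshd[4106]: Failed password for root from 203.0.113.5 port 40003 {P}",
    f"Jul 20 10:00:09 gw sshd[4107]: Failed password for alice from 198.51.100.7 port 51003 {P}",
    f"Jul 20 13:30:00 gw sshd[4200]: Failed password for root from 192.0.2.9 port 2200 {P}",
]

def plan_pf_actions(lines, year=2005):
    """Return (timestamp, pfctl command) pairs for the given sshd log lines."""
    failures, blocked_until, actions = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        now = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        # Lift every block whose three hours have passed by this log line.
        for ip, until in sorted(blocked_until.items()):
            if until <= now:
                actions.append((until, f"pfctl -t {TABLE} -T delete {ip}"))
                del blocked_until[ip]
        ip = m["ip"]
        if m["result"] == "Accepted":
            failures.pop(ip, None)       # a success ends the run of failures
            continue
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= MAX_FAILURES and ip not in blocked_until:
            blocked_until[ip] = now + BLOCK_FOR
            failures.pop(ip)
            actions.append((now, f"pfctl -t {TABLE} -T add {ip}"))
    return actions
```

For the table to have any effect, pf.conf needs a persistent table of that name and a rule that blocks traffic from it.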

More information about the freebsd-isp mailing list