preventing ssh brute force attacks, swatch and users and table

Gergely CZUCZY phoemix at harmless.hu
Tue Apr 24 19:26:56 UTC 2007


On Tue, Apr 24, 2007 at 09:16:49PM +0300, Andrei Kolu wrote:
> On Tuesday 24 April 2007 21:00:41 Dave wrote:
> > Hello,
> >     I've got a machine running ssh and I'm trying to cut down on brute
> > force attacks on it. I'm running pf on a FreeBSD 6.2 box and have added in
> > swatch to try to curb these attacks. The problem is nothing is being added
> > to either the in-memory hackers table or the on-disk copy of it. I know I'm
> > getting hits because I'm seeing entries in my auth.log like this:
> >
> > Apr 21 06:18:38 zeus sshd[10609]: Did not receive identification string
> > from 125.33.163.188
I've used a pf ruleset to block too intensive connect attempts to
my sshd, as it was documented in the OpenBSD FAQ. I block IPs
permanently, and if someone was blocked due to too intensive
ssh-ing, then the IP will absolutely be blocked, globally.
I auto-save this table, and it's an append-only one.

This is a really easy policy, works great.

Bye,

Gergely Czuczy
mailto: gergely.czuczy at harmless.hu

-- 
Weenies test. Geniuses solve problems that arise.
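
The approach described in the reply above, sketched as a pf.conf fragment. This is an added example, not the poster's actual ruleset: the table name `<hackers>` is taken from the original question, while the interface macro, the thresholds and the file path are assumptions.

```pf
# Added example (not the poster's ruleset).
# Assumed values: ext_if, the rate thresholds, the path /etc/pf.hackers.
ext_if = "em0"

# "persist" keeps the table even when no rule references it.
# "file" reloads the saved addresses each time the ruleset is loaded,
# so blocks survive a reboot. The file must already exist (create it
# empty once) or the ruleset will not load.
table <hackers> persist file "/etc/pf.hackers"

# Addresses in the table are blocked on every port, not only ssh.
block in quick on $ext_if from <hackers>

# A source that opens more than 3 ssh connections in 30 seconds, or
# holds more than 10 at once, is added to <hackers>. "flush global"
# also kills every state that source already has, on any rule.
pass in on $ext_if inet proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, \
     overload <hackers> flush global)

# Saving the table, run as root from cron. Nothing ever deletes
# entries from the table, so each dump contains all earlier ones:
#   pfctl -t hackers -T show > /etc/pf.hackers
```

Because entries are never removed, a burst of connections from your own management address would block it permanently; the current contents can be checked with `pfctl -t hackers -T show`.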