auto-blackholing/blacklisting on multiple hacking attempts
Jeremy Chadwick
koitsu at FreeBSD.org
Mon May 26 02:24:48 UTC 2008
On Mon, May 26, 2008 at 02:20:45AM +0100, John . wrote:
> I see this, for example, in my auth log:
>
> May 15 02:00:39 www sshd[9180]: Invalid user web from 201.18.232.30
>
> I'd like it to be so that if an IP tries to connect to sshd more than
> once in a 30 second period, that they are immediately blackholed.
> Should I be using pf for this or would it be done better in some other
> utility?
ports/security/sshguard-pf
ports/security/blocksshd
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-pf
mailing list