auto-blackholing/blacklisting on multiple hacking attempts
Peter N. M. Hansteen
peter at bsdly.net
Mon May 26 16:31:42 UTC 2008
"John ." <comp.john at googlemail.com> writes:
> I'd like it to be so that if an IP tries to connect to sshd more than
> once in a 30 second period, that they are immediately blackholed.
> Should I be using pf for this or would it be done better in some other
> utility?
PF offers a very flexible mechanism for that, via state tracking options.
See eg http://home.nuug.no/~peter/pf/en/bruteforce.html for a walkthrough.
- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
More information about the freebsd-pf
mailing list