Protecting SSH from brute force attacks
v.velox at vvelox.net
Thu Oct 7 17:24:41 PDT 2004
On Thu, 7 Oct 2004 15:15:25 -0700 (PDT)
Luke <luked at pobox.com> wrote:
> There are several script kiddies out there hitting my SSH server
> every day. Sometimes they attempt to brute-force their way in
> trying new logins every second or so for hours at a time. Given
> enough time, I fear they will eventually get in.
> Is there anything I can do to hinder them?
> I'd like to ban the IP after 50 failed attempts or something. I'd
> heard that each failed attempt from a source was supposed to make
> the daemon respond slower each time, thus limiting the usefulness of
> brute force attacks, but I'm not seeing that behavior.
I forget where in /etc it is, but look into setting up something that
allows a certian number of failed logins before locking that IP/term
out for a few minutes.... and if it is constantly from the same place
look into calling their ISP or the like.
Or in a few cases, like I have done in a few cases, and a deny from
any to any for that chunk of the net...
man login.conf for more info :)
More information about the freebsd-questions