How to Stop Bruit Force ssh Attempts?

Kris Anderson ciscoaix at
Sat Mar 18 22:38:00 UTC 2006

--- Chris Maness <chris at> wrote:

> In my auth log I see alot of bruit force attempts to
> login via ssh.  Is 
> there a way I can have the box automatically kill
> any tcp/ip 
> connectivity to hosts that try and fail a given
> number of times?  Is 
> there a port or something that I can install to give
> this kind of 
> protection.  I'm still kind of a FreeBSD newbie.
> Thanks,
> Chris Maness

Hey there,
A couple of things you could try. I believe there is a
port that watches log files, utilizing that you could
create a script to add the IP to your firewall rules
then after a time remove it.

The other way is to use snort_inline and see how that

Hope that helps.

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the freebsd-questions mailing list