Defending against SSH attacks with pf
Bill Moran
wmoran at potentialtech.com
Mon Apr 16 00:24:13 UTC 2007
"Juha Saarinen" <juhasaarinen at gmail.com> wrote:
>
> On 4/16/07, Bill Moran <wmoran at potentialtech.com> wrote:
> >
> > There was some discussion on this list not too long ago, and someone
> > asked if I was willing to make my pf config and the associated scripts
> > I wrote for it public. I would have posted on the original thread,
> > but I can't find it now.
> >
> > Here is the information:
> > http://www.potentialtech.com/cms/node/16
>
> Useful, but the bots have started to use longer intervals between
> connection attempts now. The intervals are not yet randomised though.
>
> $ sudo pfctl -t sshbrute -T show | wc
> 234 234 4023
>
> Ugh. That's in just under two months.
If you read the whole thing, you'll see that I don't rely on the
throttling alone. I have a script that adds IPs when invalid user
names are attempted. I'm considering writing more, but just haven't
gotten to it yet.
--
Bill Moran
http://www.potentialtech.com
More information about the freebsd-questions
mailing list