system is under attack (what can I do more?)

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Jun 18 17:26:59 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/06/2010 16:55:14, Jason Dixon wrote:
> Doesn't FreeBSD's version of pf support the overload feature?  This is
> how we typically manage ssh bruteforce attempts in OpenBSD/pf-land.

Sure it does.  pf in FreeBSD 7.2+ or 8.0+ is basically the same as in
OpenBSD 4.3.

Overload works pretty well against bruteforcing, but some of the
bruteforcers are getting wise to that sort of protection and not hitting
an individual machine frequently enough to trigger the lock-out.

Of course, this does mean that they are going slowly enough that they
aren't eating your bandwidth or flooding your log files quite so much,
but it is still annoying.

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwbrFsACgkQ8Mjk52CukIyE7QCeNnNAI7Mr5qMPJJVnlS+qeetA
eIAAn1+KUuNHveo6E2Pcenvb8UQrrvVG
=WMxd
-----END PGP SIGNATURE-----


More information about the freebsd-questions mailing list