Thousands of ssh probes

Matthias Fechner idefix at fechner.net
Fri Mar 5 16:55:12 UTC 2010


Hi,

On 05.03.10 17:01, Matthew Seaman wrote:
> table <ssh-bruteforce> persist
> [...near the top of the rules section...]
> block drop in log quick on $ext_if from <ssh-bruteforce>
>
> [...later in the rules section...]
> pass in on $ext_if proto tcp      \
>       from any to $ext_if port ssh \
>       flags S/SA keep state        \
>       (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
>

That is dangerous: if you use Subversion over SSH you will sometimes get
more than 10 requests in 30 seconds.
That means you will also block users who are allowed to connect.

Regards,
Matthias

-- 
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook
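An added configuration example (not from Matthew's or Matthias's messages) showing the quoted overload rule together with a trusted-hosts table that is passed before the block rule, so that bursty but legitimate clients such as svn+ssh are never blacklisted; the interface name and the table file path are placeholders.

```pf
# Added example, not from the thread: the overload rule from the quoted
# message plus a trusted-hosts table that is exempted from it.
# "em0" and "/etc/pf.ssh-trusted" are placeholders.

ext_if = "em0"

# Hosts that may legitimately open many SSH connections in a short time
# (e.g. Subversion over ssh); one address or network per line in the file.
table <ssh-trusted> persist file "/etc/pf.ssh-trusted"

# Offenders added by the overload clause of the last rule.
table <ssh-bruteforce> persist

# Trusted hosts are passed first with "quick", so they never reach the
# block rule and never hit the rate limit.
pass in quick on $ext_if proto tcp from <ssh-trusted> to $ext_if port ssh \
      flags S/SA keep state

block drop in log quick on $ext_if from <ssh-bruteforce>

# Everyone else: more than 3 new connections in 30 seconds puts the source
# into <ssh-bruteforce>, and "flush global" also kills its existing states.
pass in on $ext_if proto tcp from any to $ext_if port ssh \
      flags S/SA keep state \
      (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
```

Check who has been caught with `pfctl -t ssh-bruteforce -T show` and release a wrongly blocked address with `pfctl -t ssh-bruteforce -T delete <addr>`. A cron job running `pfctl -t ssh-bruteforce -T expire 86400` drops entries older than a day so a mistaken block does not last forever.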


