Thousands of ssh probes
Matthias Fechner
idefix at fechner.net
Fri Mar 5 17:52:01 UTC 2010
Hi,
Am 05.03.2010 18:10, schrieb John:
> I have just switched to pf from ipfw, so I am still learning the
> nuances and style points.
I switched now to security/sshguard-pf.
It works perfectly and blocks also via pf.
Blocking is working there with:
table <sshguard> persist
block in log quick proto tcp from <sshguard> to any label "ssh
bruteforce" probability 85%
So I let 15% of the pakets through in the hope that will slow down this
brute force attacks and I can protect in this step other hosts.
Hopefully the attacker keeps then longer in my tarpit.
Bye
Matthias
--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
More information about the freebsd-questions
mailing list