ssh brute force
Buki
freebsd at dev.null.cz
Wed Jul 20 09:32:38 GMT 2005
On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote:
> Hello,
Hi,
> This email may be is not for this mailing list, but with this problem
> more and more ISP have troubles. I want to block ssh dictionary attack
> with freebsd. I found nice solution with iptables for linux:
>
> iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK
> FIN,ACK --dport 22 -m recent --name sshattack --set
>
> iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST
> --dport 22 -m recent --name sshattack --set
>
> iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60
> --hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: '
>
> iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60
> --hitcount 4 -j DROP
>
> Is it posible to make in this way with ipfw, ipf or pf on freebsd ?
what about MaxStartups option in sshd_config?
>
> Regards,
> Todor Dragnev
> --
> There are no answers, only cross references
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
Buki
--
PGP public key: http://dev.null.cz/buki.asc
/"\
\ / ASCII Ribbon Campaign
X Against HTML & Outlook Mail
/ \ http://www.thebackrow.net
More information about the freebsd-isp
mailing list