ssh brute force
Bob Martin
bob at buckhorn.net
Wed Jul 20 17:36:35 GMT 2005
Has no effect on these attacks. They only start one at a time.
Bob Martin
Buki wrote:
> On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote:
>
>>Hello,
>
>
> Hi,
>
>
>>This email may not be for this mailing list, but more and more ISPs
>>have trouble with this problem. I want to block ssh dictionary attacks
>>with FreeBSD. I found a nice solution with iptables for Linux:
>>
>>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK FIN,ACK --dport 22 -m recent --name sshattack --set
>>
>>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST --dport 22 -m recent --name sshattack --set
>>
>>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: '
>>
>>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j DROP
>>
>>Is it possible to do this with ipfw, ipf or pf on FreeBSD?
>
>
> What about the MaxStartups option in sshd_config?
>
>
>>Regards,
>>Todor Dragnev
>>--
>>There are no answers, only cross references
>>_______________________________________________
>>freebsd-isp at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>>To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>
>
> Buki
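
The exchange above, as an added example that is not part of any poster's message: a Python simulation on a constructed timeline of the per-source window the quoted iptables rules apply (4 hits in 60 seconds), next to the number of concurrent unauthenticated connections that MaxStartups limits. One hit per connection teardown and a MaxStartups value of 10 are assumptions of this sketch.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # --seconds 60 in the quoted rules
HITCOUNT = 4          # --hitcount 4 in the quoted rules
MAX_STARTUPS = 10     # assumed sshd_config MaxStartups value

def recent_blocks(events, window=WINDOW_SECONDS, hitcount=HITCOUNT):
    """events: (src, start, end) per SSH connection. One hit is recorded per
    teardown (simplification of the FIN,ACK / RST --set rules).
    Returns {src: time of the teardown that first reaches hitcount}."""
    hits = defaultdict(deque)
    blocked = {}
    for src, _start, end in sorted(events, key=lambda e: e[2]):
        q = hits[src]
        q.append(end)
        while q and end - q[0] >= window:   # forget hits older than the window
            q.popleft()
        if len(q) >= hitcount and src not in blocked:
            blocked[src] = end
    return blocked

def peak_unauthenticated(events):
    """Highest number of simultaneously open, never-authenticated connections,
    which is the quantity MaxStartups caps."""
    points = []
    for _src, start, end in events:
        points.append((start, 1))
        points.append((end, -1))
    points.sort()                           # at equal times, closes sort before opens
    current = peak = 0
    for _time, delta in points:
        current += delta
        peak = max(peak, current)
    return peak

# Constructed timeline (documentation addresses, not real traffic).
ATTACKER = "192.0.2.10"
ADMIN = "198.51.100.7"
# 20 password guesses, one connection at a time, 3 seconds each.
EVENTS = [(ATTACKER, t, t + 3) for t in range(0, 60, 3)]
# Two mistyped logins from a legitimate host, minutes apart.
EVENTS += [(ADMIN, 5, 6), (ADMIN, 200, 201)]

if __name__ == "__main__":
    print("blocked by recent window:", recent_blocks(EVENTS))
    print("peak unauthenticated:", peak_unauthenticated(EVENTS), "limit:", MAX_STARTUPS)
```
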