ssh brute force
Andrew McNaughton
andrew at scoop.co.nz
Thu Jul 21 00:51:54 GMT 2005
On Wed, 20 Jul 2005, Chris Buechler wrote:
> On 7/20/05, Chris Jones <cdjones at novusordo.net> wrote:
>>
>> I'm looking at having a script look at SSH's log output for repeated
>> failed connection attempts from the same address, and then blocking that
>> address through pf (I'm not yet sure whether I want to do it temporarily
>> or permanently).
Make it temporary. Maybe three hours after 3 successive failures. just
slowing down connections is enough to make brute force impractical.
Andrew
-------------------------------------------------------------------
Andrew McNaughton http://www.scoop.co.nz/
andrew at scoop.co.nz Mobile: +61 422 753 792
--
Of all forms of caution, caution in love is the most fatal
--
pgp encrypted mail welcome
keyid: 70F6C32D keyserver: pgp.mit.edu
5688 2396 AA81 036A EBAC 2DD4 1BEA 7975 A84F 6686
More information about the freebsd-isp
mailing list