repeated ssh login attempts/failure/break-in attempts from
kiddy script
Peter N. M. Hansteen
peter at bgnett.no
Sun Apr 2 20:34:37 UTC 2006
Nathan Vidican <nvidican at wmptl.com> writes:
> ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny
> all attempts and drop connection from said IP... possible?
using pf, this is astoundingly easy, see eg
http://www.bgnett.no/~peter/pf/en/bruteforce.html
If you go down this route, you might want to use expiretable
(/usr/ports/security/expiretable) to trim the contents of the table
after a while (I tend to use 24 hours expiry).
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds.
More information about the freebsd-questions
mailing list