How to Stop Bruit Force ssh Attempts?
Chris Maness
chris at chrismaness.com
Wed Apr 12 04:13:14 UTC 2006
Jonathan Franks wrote:
>
> On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
>
>> In my auth log I see alot of bruit force attempts to login via ssh.
>> Is there a way I can have the box automatically kill any tcp/ ip
>> connectivity to hosts that try and fail a given number of times? Is
>> there a port or something that I can install to give this kind of
>> protection. I'm still kind of a FreeBSD newbie.
>
>
> If you are using PF, you can use source tracking to drop the
> offenders in to a table... perhaps after a certain number of attempts
> in a given time (say, 5 in a minute). Once you have the table you're
> in business... you can block based on it... and then set up a cron
> job to copy the table to disk every so often (perhaps once every two
> minutes). It works very well for me, YMMV.
>
> If you don't want to block permanently, you could use cron to flush
> the table every so often too... I don't bother though.
>
> -Jonathan
I use a port called DenyHost. It adds an entry to hosts.allow that
denies access.
More information about the freebsd-questions
mailing list