How to Stop Brute Force ssh Attempts?
John Cruz
cruzweb at gmail.com
Wed Apr 12 04:27:42 UTC 2006
I used to have problems with brute force attempts as well. I just
changed the port that SSH uses (TCP/IP port, not "ports collection"
port) and the problems have stopped. I made it something that means
something to me and maybe not others, so it's a simple and powerful way
of getting the job done.
-John
Chris Maness wrote:
> Jonathan Franks wrote:
>
>>
>> On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
>>
>>> In my auth log I see a lot of brute force attempts to login via
>>> ssh. Is there a way I can have the box automatically kill any tcp/
>>> ip connectivity to hosts that try and fail a given number of
>>> times? Is there a port or something that I can install to give
>>> this kind of protection? I'm still kind of a FreeBSD newbie.
>>
>>
>> If you are using PF, you can use source tracking to drop the
>> offenders into a table... perhaps after a certain number of
>> attempts in a given time (say, 5 in a minute). Once you have the
>> table you're in business... you can block based on it... and then
>> set up a cron job to copy the table to disk every so often (perhaps
>> once every two minutes). It works very well for me, YMMV.
>>
>> If you don't want to block permanently, you could use cron to flush
>> the table every so often too... I don't bother though.
>>
>> -Jonathan
>
> I use a port called DenyHosts. It adds an entry to hosts.allow that
> denies access.
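The PF source-tracking setup described in the quoted reply, written out as a pf.conf fragment. This is an added example, not a ruleset posted by anyone in the thread; the interface name `em0`, the table name `ssh_abuse` and the file path are assumptions.

```pf
# Added example, not from the thread. Assumptions: em0 is the external
# interface; the table name and the file path are placeholders.
ext_if = "em0"

# Table of offending sources. "persist" keeps it when no rule refers to
# it; "file" reloads saved entries whenever the ruleset is loaded.
# The file must exist before loading (an empty file is fine).
table <ssh_abuse> persist file "/var/db/pf.ssh_abuse"

# Drop everything from listed sources before any pass rule is evaluated.
block in quick on $ext_if from <ssh_abuse>

# Source tracking on SSH: a single address opening more than 5 new
# connections in 60 seconds is added to the table ("5 in a minute").
# "flush global" also kills the states that address already holds.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <ssh_abuse> flush global)

# root crontab entries (cron syntax, not pf.conf), kept here as comments.
# Copy the table to disk every two minutes so it survives a reboot:
#   */2 * * * * /sbin/pfctl -t ssh_abuse -T show > /var/db/pf.ssh_abuse
# Optional, if blocks should not be permanent: empty the table daily:
#   0 4 * * * /sbin/pfctl -t ssh_abuse -T flush
```

`max-src-conn-rate` counts new connections, not failed logins, so a legitimate client that opens many sessions in a burst (a script looping over `scp`, for example) can trip the limit and be added to the table as well.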