How to Stop Bruit Force ssh Attempts?

John Cruz cruzweb at
Wed Apr 12 04:27:42 UTC 2006

I used to have problems with brute force attempts as well. I just 
changed the port that SSH uses (TCP/IP  port, not "ports collection" 
port) and the problems have stopped. I made it something that means 
something to me and maybe not others, so it's a simple and powerful way 
of getting the job done.


Chris Maness wrote:
> Jonathan Franks wrote:
>> On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
>>> In my auth log I see alot of bruit force attempts to login via  
>>> ssh.  Is there a way I can have the box automatically kill any tcp/ 
>>> ip connectivity to hosts that try and fail a given number of  
>>> times?  Is there a port or something that I can install to give  
>>> this kind of protection.  I'm still kind of a FreeBSD newbie.
>> If you are using PF, you can use source tracking to drop the  
>> offenders in to a table... perhaps after a certain number of 
>> attempts  in a given time (say, 5 in a minute). Once you have the 
>> table you're  in business... you can block based on it... and then 
>> set up a cron  job to copy the table to disk every so often (perhaps 
>> once every two  minutes). It works very well for me, YMMV.
>> If you don't want to block permanently, you could use cron to flush  
>> the table every so often too... I don't bother though.
>> -Jonathan
> I use a port called DenyHost.  It adds an entry to hosts.allow that 
> denies access.
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list