auth.log & intruder prevention
Ilias Sachpazidis
isachpaz at igd.fhg.de
Tue Jan 24 14:40:22 PST 2006
We are talking about a few users and nobody has a permanent IP.
-IS
-----Original Message-----
From: Dan O'Connor [mailto:dan at ferrarishields.com]
Sent: Dienstag, 24. Januar 2006 22:29
To: Ilias.Sachpazidis at igd.fraunhofer.de
Subject: Re: auth.log & intruder prevention
> I am wondering if any script is available to prevent hundreds of
> attempts on
> port 22 from external IPs that constantly checking user & passwords on
> my
> FreeBSD PCs.
I can't help you with a greylist solution, but how many users do you
have that ssh in from the outside?
If you don't have too many, and they come from stable IP addresses, you
could always set up firewall rules to allow specific connections and
block other attempts to connect to port 22:
# My Trusted SSH Sites
dan="123.45.67.89"
jim="234.56.78.90"
. . .
# SSH Login - Allow only trusted incoming on outside interface
${fwcmd} add pass log tcp from ${dan} to any 22 in via ${oif} setup
${fwcmd} add pass log tcp from ${jim} to any 22 in via ${oif} setup
. . .
${fwcmd} add deny log tcp from any to any 22 in via ${oif} setup
~Dan
--
FreeBSD Cheat Sheets
http://www.mostgraveconcern.com/freebsd/
More information about the freebsd-questions
mailing list