Defending against SSH attacks with pf
wmoran at potentialtech.com
Mon Apr 16 00:24:13 UTC 2007
"Juha Saarinen" <juhasaarinen at gmail.com> wrote:
> On 4/16/07, Bill Moran <wmoran at potentialtech.com> wrote:
> > There was some discussion on this list not too long ago, and someone
> > asked if I was willing to make my pf config and the associated scripts
> > I wrote for it public. I would have posted on the original thread,
> > but I can't find it now.
> > Here is the information:
> > http://www.potentialtech.com/cms/node/16
> Useful, but the bots have started to use longer intervals between
> connection attempts now. The intervals are not yet randomised though.
> $ sudo pfctl -t sshbrute -T show | wc
> 234 234 4023
> Ugh. That's in just under two months.
If you read the whole thing, you'll see that I don't rely on the
throttling alone. I have a script that adds IPs when invalid user
names are attempted. I'm considering writing more, but just haven't
gotten to it yet.
More information about the freebsd-questions