Defending against SSH attacks with pf

Christopher Hilton chris at
Tue Apr 24 22:36:01 UTC 2007

Erik Osterholm wrote:
> On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
>> There was some discussion on this list not too long ago, and someone
>> asked if I was willing to make my pf config and the associated scripts
>> I wrote for it public.  I would have posted on the original thread,
>> but I can't find it now.
>> Here is the information:

First: I'm not sure if the group got to it and I'm posting to a very 
stale thread here but I've found that the best way to defeat these 
password scanning ssh bots is to disallow passwords allowing 
public/private key authentication in their stead. Unfortunately this 
isn't always possible. Bill's method is a very close second.

Second: I love the simplicity of the stateless firewall rules in Bill's 
pf.conf. I may have to look at implementing that here.

-- Chris

       __o          "All I was doing was trying to get home from work."
     _`\<,_           -Rosa Parks
Christopher Sean Hilton                    <chris | at |>
         pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14

More information about the freebsd-questions mailing list