Auto blacklist ssh connections ...

eculp at casasponti.net eculp at casasponti.net
Thu Sep 18 13:20:07 UTC 2008


Quoting andrew clarke <mail at ozzmosis.com>:

> On Wed 2008-09-17 19:36:02 UTC-0400, Tom Marchand  
> (m0rchand at comcast.net) wrote:
>
>>> Does anyone know of a utility that I can use with sshd to auto-block
>>> by IP if there are more than N failed attempts in a row?
>
>> Why don't you have sshd listen on a different port?
>
> I imagine that on some hosts where there are multiple users/customers,
> moving sshd to another port isn't a practical solution due to people's
> habits in trying to connect to the default port.  A human problem
> rather than a technical one.
>
> PS. Top posting is cruel.

I've been more or less watching this thread and haven't seen the use
of the ssh-bruteforce rules from the pf online howtos being
recommended.  In my own case pf, in addition to a couple of other
changes, has worked well for us.  Among the other changes mentioned, we
have also changed the ssh port, which doesn't add security but has
basically stopped logfiles full of dictionary attempts from what I
expect are Windows machines that have been violated and are being used
to find more.

I would highly recommend the pf bruteforce rules or something similar with
other firewalls.

ed
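The pf brute-force table approach Ed refers to, written out as an added example that is not part of the original post or of the pf howtos themselves. It assumes an external interface named `em0`, a table named `bruteforce`, and sshd on its default port; the connection thresholds are illustrative values.

```pf
# Added example of a pf ssh brute-force rule set; not from the original post.
# Assumptions: external interface em0, table name bruteforce, sshd on port 22.
ext_if = "em0"

# Table holding source addresses that exceeded the connection limits.
# "persist" keeps the table around even when no rule currently references it.
table <bruteforce> persist

# Drop anything from an address that is already in the table.
block in quick on $ext_if from <bruteforce>

# Allow ssh, but track new connections per source address:
#   max-src-conn 15        at most 15 simultaneous connections from one host
#   max-src-conn-rate 5/3  at most 5 new connections in any 3-second window
#   overload <bruteforce>  on violation, add the source address to the table
#   flush global           and tear down every state created by that source
pass in on $ext_if inet proto tcp from any to $ext_if port ssh \
    flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 5/3, \
     overload <bruteforce> flush global)
```

Addresses added by `overload` stay in the table until removed, so run `pfctl -t bruteforce -T expire 86400` periodically from cron to drop entries older than a day, and use `pfctl -t bruteforce -T show` to inspect what has been caught. Note that a legitimate user opening many ssh sessions in quick succession (for example a scripted scp loop) will trip the same rate limit, so size the thresholds for your own users.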
