Blocking a slow-burning SSH bruteforce

krad kraduk at
Sat Jan 2 12:01:31 UTC 2010

2010/1/1 J65nko <j65nko at>

> After some posts a discussion on the freebsd-table mailing list goes into
> several approaches to deal with these SSH probes.
> See
> You still could allow outgoing ssh traffic on port 22 and allow
> incoming SSH on another port.
> Adriaan
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at"

one thing i have done in the past is severly lock down ssh to a small set of
ips with pf. I then ran openvpn to allow me to access from random places,
and left the acl on that fairly loose. Everything was also based on keys and

Another way to do it is purchase a cheap shell somewhere, and use it to
bounce off to get to your box. Your machine can then be acl'ed up well. Make
sure to use agent forwarding though just in case anyone is running key
logging etc on the remote shell

More information about the freebsd-questions mailing list