Thousands of ssh probes

Matthias Fechner idefix at
Fri Mar 5 16:55:12 UTC 2010


Am 05.03.10 17:01, schrieb Matthew Seaman:
> table <ssh-bruteforce> persist
> [...near the top of the rules section...]
> block drop in log quick on $ext_if from<ssh-bruteforce>
> [...later in the rules section...]
> pass in on $ext_if proto tcp      \
>       from any to $ext_if port ssh \
>       flags S/SA keep state        \
>       (max-src-conn-rate 3/30, overload<ssh-bruteforce>  flush global)

that is dangarous, if you use subversion over ssh you will sometimes get 
more then 10 requests in 30 seconds.
That means you will also block users they are allowed to connect.


"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook

More information about the freebsd-questions mailing list