Thousands of ssh probes

Matthias Fechner idefix at
Fri Mar 5 17:52:01 UTC 2010


Am 05.03.2010 18:10, schrieb John:
> I have just switched to pf from ipfw, so I am still learning the
> nuances and style points.

I switched now to security/sshguard-pf.
It works perfectly and blocks also via pf.
Blocking is working there with:

table <sshguard> persist
block in log quick proto tcp from <sshguard> to any label "ssh
bruteforce" probability 85%

So I let 15% of the pakets through in the hope that will slow down this
brute force attacks and I can protect in this step other hosts.
Hopefully the attacker keeps then longer in my tarpit.



"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook

More information about the freebsd-questions mailing list