bruteforce protection howto
Jamie Griffin
Jamie at fantomatic.co.uk
Sat Mar 20 22:59:33 UTC 2010
> Two pc's:
> 1 - router
> 2 - logger
> Situation: someone tries to bruteforce into a server, and the logger
> get's a log about it [e.g.: ssh login failed].
> What's the best method to ban that ip [what is bruteforcig a server]
> what was logged on the logger?
> I need to ban the ip on the router pc.
>
> How can i send the bad ip to the router, to ban it?
I was asking about this earlier, I went with pf which is already in the base system and also making sshd more secure by using the options in /etc/ssh/sshd_config.
Have a look at `man 5 sshd_config` and there is loads of stuff on goodgle about this. So far, I really like what pf can do, check it out. `man pf.conf` and again there are lots of old posts on google, and the OpenBSD pf guide is good too:
https://calomel.org/pf_config.html
http://www.freebsd.org/doc/handbook/firewalls-pf.html
http://www.openbsd.org/faq/pf/
Jamie
More information about the freebsd-questions
mailing list