pf suggestions for paced attack
Andrew Wright
andrew at qemg.org
Mon May 3 16:42:06 UTC 2010
On Mon, 3 May 2010, John wrote:
> The script kiddies have apparently figured out that we use some
> time-window sensitivity in our adaptive filtering. From sshd, I've
[ ... deletia ... ]
> Anybody got any superior suggestions?
I've been running a script using tail -F to watch /var/log/auth.log
to count total number of failures, and ix-nay anyone who reaches 10
fluffed attempts in 24 hours; this is managed by using pfctl to update
the relevant table. It has worked pretty well for me over the last
three or so years, and is immune to the current longer timeouts
that you mention.
If anyone is interested, I can send (or I suppose post) the scripts.
Andrew
More information about the freebsd-questions
mailing list