danny at clari.net.au
Tue Mar 26 21:57:14 UTC 2013
On 27/03/2013 4:18 AM, Joseph Olatt wrote:
>> Any ideas/suggestions on this will be appreciated. Thanks,
>> >-- Doug
> A little while back I wrote a system to do a simple Two Factor
> Authentication and dynamic manipulation of PF (Packet Filter) Tables. I
> created it to prevent brute-force attacks on the servers that I have
> exposed on the Internet.
I'm happy to share a program I wrote which slows down the brute force
It simply counts the SYN packets from a given IP and limits the rate per
minute by dropping the packet if they are coming too fast.
Uses ipfw divert sockets, so would work if you prefer ipfw over pf.
If you have a known set of OK IP addresses, you can allow them in ipfw
rules before the packets get passed through ratelimit.
-p <size> maximum packet size (default: 16384 bytes)
-d <port> divert port number (default: 1)
-r <rate> rate at which 50% of packets are dropped (default: 4)
-f <rate> rate at which 100% of packets are dropped (default: 8)
-l <secs> number of seconds to sleep between syslog() calls
-z path path of pidfile (default: /var/run/ratelimit.pid)
-h this message
Have you looked at simply using a non-standard port?
More information about the freebsd-questions