denyhosts/pfctl to block repeated logins?
Michael B. Eichorn
ike at michaeleichorn.com
Sat Jun 20 12:31:51 UTC 2015
On Sat, 2015-06-20 at 21:55 +1000, andrew clarke wrote:
> On Sat 2015-06-20 07:34:50 UTC-0400, John Holland (jholland at vin-dit.org
> ) wrote:
>
> > What is the best tool to use to block repeated login attempts from
> > unauthorized hosts? And for deny hosts, how you unblock someone who
> > is legitimate?
>
> "Best tool" is difficult to answer since it depends on your exact
> requirements.
>
> Also once an admin finds an IP blocker that works for them, they may
> tend to stick with it rather than try all the alternatives.
>
> For blocking unsuccessful ssh logins, sshguard-ipfw works for me.
>
> http://www.sshguard.net/docs/faqs/
>
I will second sshguard as an excellent automated blocker. But since the
OP mentions pfctl in the subject line, they probably want sshguard-pf.
There is also a no-firewall version for running in jails.
I prefer sshguard as it is a daemon like C program whereas denyhosts is a
python script. So I get a few less dependencies and a bit more speed.
SSHguard can handle more than just ssh logins, but sendmail, dovecot, and
other servers as well.
Unblocking no matter what you are using best consists of 2 steps:
1) Remove the blocked address from the firewall table, hosts.deny, etc.
2) If possible whitelist the hostname(s)/address(es)/subnet(s)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5761 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20150620/51fb966d/attachment.bin>
More information about the freebsd-questions
mailing list