Brute Force Detection + Advanced Firewall Policy
    Marian Hettwer 
    MH at kernel32.de
       
    Mon Dec 19 13:28:21 PST 2005
    
    
  
Hi there,
Hadi Maleki wrote:
> Any BFD/AFP software available for FreeBSD 4.10?
>
If you would update to a recent FreeBSD Release, you could probably use 
some nice pf(4) things...
> I'm getting flooded with ssh and ftp attempts.
>
I recently stumbled over quite a nice pf.conf (see man pfctl for 
details), which blacklists for instance ssh connections if they occur too 
often in a certain amount of time.
For Example:
# sshspammer table
table <sshspammer> persist
block log quick from <sshspammer>
# sshspammer
# more than 6 ssh attempts in 15 seconds will be blocked ;)
# ($ext_if and $tcp_flags are macros that must be defined earlier in pf.conf)
pass in quick on $ext_if proto tcp to ($ext_if) port ssh $tcp_flags \
    (max-src-conn 10, max-src-conn-rate 6/15, overload <sshspammer> flush global)
HTH,
Marian
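
The effect of the rules above (max-src-conn 10, max-src-conn-rate 6/15, overload <sshspammer> flush global), as an added Python example that is not part of the original post: a simplified sliding-window model replayed over constructed connection events. The class and function names and the sample addresses are assumptions for illustration, and pf's own rate accounting differs in detail.

```python
from collections import defaultdict, deque

MAX_SRC_CONN = 10                 # max-src-conn 10
RATE_LIMIT, RATE_WINDOW = 6, 15   # max-src-conn-rate 6/15

class OverloadModel:
    """Simplified model of the posted rules; not pf's real accounting."""
    def __init__(self):
        self.table = set()                   # stands in for <sshspammer>
        self.open_conns = defaultdict(int)   # established connections per source
        self.recent = defaultdict(deque)     # recent connection times per source

    def connect(self, src, t):
        """Verdict for a new SSH connection from src at time t (seconds)."""
        if src in self.table:                # block log quick from <sshspammer>
            return "block"
        window = self.recent[src]
        while window and t - window[0] >= RATE_WINDOW:
            window.popleft()                 # forget connections older than 15 s
        window.append(t)
        over_rate = len(window) > RATE_LIMIT
        over_conn = self.open_conns[src] + 1 > MAX_SRC_CONN
        if over_rate or over_conn:
            self.table.add(src)              # overload <sshspammer>
            self.open_conns[src] = 0         # flush global: drop the source's states
            window.clear()
            return "block"
        self.open_conns[src] += 1
        return "pass"

    def close(self, src):
        """A connection from src ended, freeing one max-src-conn slot."""
        self.open_conns[src] = max(0, self.open_conns[src] - 1)

# Constructed sample traffic as (time in seconds, source address).
EVENTS = sorted(
    [(t, "203.0.113.7") for t in range(10)]               # one attempt per second
    + [(t, "198.51.100.20") for t in (2, 30, 65)]         # occasional real logins
)

def replay(events):
    """Feed events through the model; return per-connection verdicts and the table."""
    model = OverloadModel()
    verdicts = [(t, src, model.connect(src, t)) for t, src in events]
    return verdicts, model.table

if __name__ == "__main__":
    for t, src, verdict in replay(EVENTS)[0]:
        print(f"t={t:>2}s {src:<14} {verdict}")
```

Nothing in the posted rules removes an address from the table again; `pfctl -t sshspammer -T show` lists what has been caught.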
    
    
More information about the freebsd-security
mailing list