On Tue, Apr 24, 2007 at 09:16:49PM +0300, Andrei Kolu wrote: > On Tuesday 24 April 2007 21:00:41 Dave wrote: > > Hello, > > I've got a machine running ssh and i'm trying to cut down on brute > > force attacks on it. I'm running pf on a freebsd 6.2 box and have added in > > swatch to try to curve these attacks. The problem is nothing is being added > > to either the memory hackers table nor the ondisk copy of it. I know i'm > > getting hits because i'm seeing entries in my auth.log like this: > > > > Apr 21 06:18:38 zeus sshd[10609]: Did not receive identification string > > from 125.33.163.188 I've used a pf ruleset to block too intensive connect attempts to my sshd, as it was documented in the openbsd FAQ. I block IPs permanently, and if someone was blocked due to too intensive ssh-ing, then the IP will absolutely be blocked, globally. I auto-save this table, and it's an append-only one.
This is a really easy policy, works great. Bye, Gergely Czuczy mailto: [EMAIL PROTECTED] -- Weenies test. Geniuses solve problems that arise.
pgpjCQgYjRvky.pgp
Description: PGP signature
