Jonathan Franks wrote:
On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
In my auth log I see alot of bruit force attempts to login via ssh.
Is there a way I can have the box automatically kill any tcp/ ip
connectivity to hosts that try and fail a given number of times? Is
there a port or something that I can install to give this kind of
protection. I'm still kind of a FreeBSD newbie.
If you are using PF, you can use source tracking to drop the
offenders in to a table... perhaps after a certain number of attempts
in a given time (say, 5 in a minute). Once you have the table you're
in business... you can block based on it... and then set up a cron
job to copy the table to disk every so often (perhaps once every two
minutes). It works very well for me, YMMV.
If you don't want to block permanently, you could use cron to flush
the table every so often too... I don't bother though.
I use a port called DenyHost. It adds an entry to hosts.allow that
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"