Quoting andrew clarke <[EMAIL PROTECTED]>:

On Wed 2008-09-17 19:36:02 UTC-0400, Tom Marchand ([EMAIL PROTECTED]) wrote:

Does anyone know of a utility that I can use with sshd to auto-block
by IP if there are more then N failed attempts in a row?

Why don't you have sshd listen on a different port?

I imagine that on some hosts where there are multiple users/customers,
moving sshd to another port isn't a practical solution due to people's
habits in trying to connect to the default port.  A human problem
rather than a technical one.

PS. Top posting is cruel.

I've been more or less watching this thread and haven't seen the use of the ssh-bruteforce rules from the pf online howtos being recommended. In my own case pf, in addition to a couple of other changes, has worked well for us. Among the other changes mentioned, we have also changed the ssh port, which doesn't add security but has basically stopped logfiles full of dictionary attempts from what I expect are Windows machines that have been violated and are being used to find more.

I would highly recommend pf bruteforce rules or something similar with other firewalls.

ed
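As an added illustration of the kind of pf ssh-bruteforce ruleset ed is referring to (this is example configuration written for this page, not text from the thread or a verbatim copy of any howto; the interface name em0 and the connection thresholds are assumed):

```pf
# Added example, not from the thread. Interface name and thresholds are assumed.
ext_if = "em0"

# Table of offending addresses; "persist" keeps the table around even
# when no active rule references it, so entries survive ruleset reloads.
table <bruteforce> persist

# Drop anything from an address that has already been put in the table.
block in quick on $ext_if from <bruteforce>

# Allow new ssh connections, but track state per source address:
#   max-src-conn       at most 10 simultaneous connections from one address
#   max-src-conn-rate  at most 5 new connections per 30 seconds from one address
# Exceeding either limit adds the source to <bruteforce>; "flush global"
# then tears down all of that source's existing states on every rule.
pass in on $ext_if proto tcp to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Load it with `pfctl -f /etc/pf.conf`, inspect the table with `pfctl -t bruteforce -T show`, and age out old entries from cron with `pfctl -t bruteforce -T expire 86400`. Two caveats worth keeping in mind: this counts TCP connection attempts, not failed logins, and one connection can carry several password guesses, so it only approximates the "N failed attempts" Tom asked about and pairs well with a low `MaxAuthTries` in sshd_config; and a rule like `pass in quick on $ext_if from <trusted>` placed before the block rule, with the administrator's own addresses in `<trusted>`, avoids locking yourself out after a few typos.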
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
