> Does anyone know a good way of limiting the number of ssh attempts > from a single IP address? > > I found the following website, which describes a variety of approaches: > > http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins > > > But I am honestly not really happy with any of them. Continuously > polling log files for regex hits seems...well crude. Just to give you > an idea of what I mean, here were some of the issues I had. The > sshd-scan.sh script allows IPs to be reinstated, but the timing is > dependent on how frequently you rotate logs. sshguard has a pretty > website, but I can't actually find much useful documentation on how to > configure it. fail2ban looks like it might work with sufficient work, > but the defaults are terrible. By default, every time an IP is > reinstated, all IPs are reinstated. Not to mention, at present I > can't seem to get it to trigger any hits. > > I suppose I could keep shopping, but the truth is I just think polling > log files is the wrong way to solve the problem. Anything based on > this approach is going to have a long latency and be highly dependent > on the unspecified and unstable formatting of log files (see > http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4) > and the troubles an exclamation point can cause). > > I would much much rather do something like this: > > http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/ > > Does anyone know a way to do something similar with ipfw? > > > Thanks in advance, > Jim
Maybe you mean something like this?! http://home.nuug.no/~peter/pf/en/bruteforce.html _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"