On 27/03/2013 4:18 AM, Joseph Olatt wrote:
Any ideas/suggestions on this will be appreciated. Thanks,
>
>-- Doug
A little while back I wrote a system to do a simple Two Factor
Authentication and dynamic manipulation of PF (Packet Filter) Tables. I
created it to prevent brute-force attacks on the servers that I have
exposed on the Internet.
I'm happy to share a program I wrote which slows down the brute force
attackers.
It simply counts the SYN packets from a given IP and limits the rate per
minute by dropping the packet if they are coming too fast.
Uses ipfw divert sockets, so would work if you prefer ipfw over pf.
If you have a known set of OK IP addresses, you can allow them in ipfw
rules before the packets get passed through ratelimit.
ratelimit usage:
-p <size> maximum packet size (default: 16384 bytes)
-d <port> divert port number (default: 1)
-r <rate> rate at which 50% of packets are dropped (default: 4)
-f <rate> rate at which 100% of packets are dropped (default: 8)
-l <secs> number of seconds to sleep between syslog() calls
(default: 30)
-z path path of pidfile (default: /var/run/ratelimit.pid)
-h this message
Have you looked at simply using a non-standard port?
Danny
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
