In this attack, there's no need to throttle, the attacking computers hit it once every 15 seconds or so from many different sources. My denyhosts is not blocking 99.999% of the attempts.
Gary Baribault Courriel: [email protected] GPG Key: 0x685430d1 Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1 On 06/23/2010 12:33 PM, Cody Robertson wrote: > On 6/23/10 4:22 AM, yersinia wrote: > >> On Thu, Jun 17, 2010 at 4:21 PM, Samuel Martín Moro <[email protected]>wrote: >> >> >>> I also don't want to change my ssh port, nor restrict incoming IPs, ... and >>> I use keys only to log in without entering password. >>> So you're not alone. >>> I had my IP changed several times, my servers are only hosting personal >>> data. >>> But I'm still seeing bruteforce attemps in my logs. >>> >>> Here's something I use on my servers. >>> In cron, every 5-10 minutes, that should do it. >>> Of course, if you're running *BSD, pf is way more interesting to do that. >>> >>> Perhaps could be better to use something standard as fail2ban >>> >> http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/? >> >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > If you have iptables it has ways you can do this throttle too many > connections within a specified period. I much prefer using something > such as this over third party software. > > I'm sure you can do this in PF however I'm not familiar with it enough > to be certain (I'd be surprised if you couldn't however). > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
