On 6/23/10 12:38 PM, Gary Baribault wrote: > In this attack, there's no need to throttle, the attacking computers hit > it once every 15 seconds or so from many different sources. My denyhosts > is not blocking 99.999% of the attempts. > > Gary Baribault > Courriel: [email protected] > GPG Key: 0x685430d1 > Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1 > > > On 06/23/2010 12:33 PM, Cody Robertson wrote: >> On 6/23/10 4:22 AM, yersinia wrote: >> >>> On Thu, Jun 17, 2010 at 4:21 PM, Samuel Martín Moro >>> <[email protected]>wrote: >>> >>> >>>> I also don't want to change my ssh port, nor restrict incoming IPs, ... and >>>> I use keys only to log in without entering password. >>>> So you're not alone. >>>> I had my IP changed several times, my servers are only hosting personal >>>> data. >>>> But I'm still seeing bruteforce attemps in my logs. >>>> >>>> Here's something I use on my servers. >>>> In cron, every 5-10 minutes, that should do it. >>>> Of course, if you're running *BSD, pf is way more interesting to do that. >>>> >>>> Perhaps could be better to use something standard as fail2ban >>>> >>> http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/? >>> >>> >>> >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> If you have iptables it has ways you can do this throttle too many >> connections within a specified period. I much prefer using something >> such as this over third party software. >> >> I'm sure you can do this in PF however I'm not familiar with it enough >> to be certain (I'd be surprised if you couldn't however). >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
It tends to vary for my machines however it still catches quite a bit of throttling. Regardless it was just a recommendation to avoid using third party software for something so trivial. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
