You can always patch your sshd with Timelox patch by brian http://www.ethernet.org/~brian Running well och production servers.
On Thursday 30 June 2005 10:11, you wrote: > Hi, > > I am running OpenBSD 3.7-stable, pretty standard install, spamd > greylisting, httpd, sendmail. Going over my log files, I have noticed > that I am more and more coming under attach with dictionary based login > attempts to the SSH port. > > I tried to search the mail list, but I can't seem to find any magic > combination of words that would reveal the secret to me. Reading > pf.conf(5) didn't shed any light either.. > > Tonight I got 800+ attempts from the same IP. I played with manually > blocking the IP, but it was over before I got the firewall rules written > and looked over them twice. > > Is there any way to block/limit the number of connections to a port in a > given time period? I was getting around 5 connects per second from the > same IP/PORT (in Hungary :-( ). > > I can't think how this would work... unless there was a generic program > like spamd in greylisting mode... But I'm not the first person to have > this problem, so there's likely a solution! Can anyone shed some light? > > Cheers, > Steve Williams > > -- Best regards Maxim Bourmistrov
