Re: equivalent for pf's max-src-conn-rate in ipfw

2017-05-04 Thread Ian Smith
On Thu, 4 May 2017 23:46:21 +0200, Marco van Tol wrote: > Possibly this question pops up regularly. I have tried to find the > answer myself and have been unable to so far. > > My current way to drastically slow down ssh brute force attacks is by > using the pf feature

equivalent for pf's max-src-conn-rate in ipfw

2017-05-04 Thread Marco van Tol
Hi there, Possibly this question pops up regularly. I have tried to find the answer myself and have been unable to so far. My current way to drastically slow down ssh brute force attacks is by using the pf feature "max-src-conn-rate" with an argument of 5/60 meaning only 5 syn packets are
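As an added example (not from the post above, which is cut off in this index), this is the shape of pf.conf rule the 5/60 setting is normally used in: the rate limit is paired with an overload table so that a source exceeding the rate is blocked outright, not merely throttled. The interface name, the table name and the block rule are assumptions, not taken from the thread:

```pf
# Added example, not from the list post. Interface and table names are assumed.
ext_if = "em0"
table <bruteforce> persist

# Drop anything already flagged as a brute-forcer, before the pass rule is reached.
block in quick on $ext_if from <bruteforce>

# Allow SSH, but if one source address opens more than 5 new connections
# (state-creating SYNs) within 60 seconds, add it to <bruteforce> and
# tear down all of its existing states.
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <bruteforce> flush global)
```

Entries stay in the table until removed; a cron job running `pfctl -t bruteforce -T expire 86400` ages them out after a day. Note that ipfw's `limit src-addr N` option caps the number of concurrent dynamic states per source address, not the rate at which new connections are opened, so it is not a drop-in replacement for max-src-conn-rate.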

Re: Question that has dogged me for a while.

2017-05-04 Thread Karl Denninger
On 5/4/2017 14:44, Rodney W. Grimes wrote: >> On 5/4/2017 13:47, Rodney W. Grimes wrote: On 5/4/2017 12:12, Rodney W. Grimes wrote: >> Consider the following network configuration. >> >> >> Internet --- Gateway/Firewall -- Inside network (including a >> web

Re: Question that has dogged me for a while.

2017-05-04 Thread Karl Denninger
On 5/4/2017 13:47, Rodney W. Grimes wrote: >> On 5/4/2017 12:12, Rodney W. Grimes wrote: Consider the following network configuration. Internet --- Gateway/Firewall -- Inside network (including a web host) 70.16.10.1/28 192.168.0.0/24

Re: Question that has dogged me for a while.

2017-05-04 Thread Karl Denninger
On 5/4/2017 12:48, Dr. Rolf Jansen wrote: > Resolving this with ipfw/NAT may easily become quite complicated, if not > impossible if you want to run a stateful nat'ting firewall, which is usually > the better choice. > > IMHO a DNS based solution is much more effective. > > On my gateway I have

Re: Question that has dogged me for a while.

2017-05-04 Thread Karl Denninger
On 5/4/2017 12:12, Rodney W. Grimes wrote: >> Consider the following network configuration. >> >> >> Internet --- Gateway/Firewall -- Inside network (including a >> web host) >> 70.16.10.1/28 192.168.0.0/24 >> >> The address of the outside is FICTIONAL, by the way.

Re: Question that has dogged me for a while.

2017-05-04 Thread Rodney W. Grimes
> Consider the following network configuration. > > > Internet --- Gateway/Firewall -- Inside network (including a > web host) > 70.16.10.1/28 192.168.0.0/24 > > The address of the outside is FICTIONAL, by the way. > > For policy reasons I do NOT want the gateway

Re: Question that has dogged me for a while.

2017-05-04 Thread Freddie Cash
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote: > Consider the following network configuration. > > > Internet --- Gateway/Firewall -- Inside network (including a > web host) > 70.16.10.1/28 192.168.0.0/24 > > The address of the outside is

Re: Question that has dogged me for a while.

2017-05-04 Thread Lee Brown
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote: > Consider the following network configuration. > > > Internet --- Gateway/Firewall -- Inside network (including a > web host) > 70.16.10.1/28 192.168.0.0/24 > > The address of the outside is