On Thu, 4 May 2017 23:46:21 +0200, Marco van Tol wrote:
> Possibly this questions pops up regularly. I have tried to find the
> answer myself and have been unable to so far.
>
> My current way to drastically slow-down ssh brute force attacks is by
> using the pf feature
Hi there,
Possibly this questions pops up regularly. I have tried to find the answer
myself and have been unable to so far.
My current way to drastically slow-down ssh brute force attacks is by using the
pf feature "max-src-conn-rate" with an argument of 5/60 meaning only 5 syn
packets are
On 5/4/2017 14:44, Rodney W. Grimes wrote:
>> On 5/4/2017 13:47, Rodney W. Grimes wrote:
On 5/4/2017 12:12, Rodney W. Grimes wrote:
>> Consider the following network configuration.
>>
>>
>> Internet --- Gateway/Firewall -- Inside network (including a
>> web
On 5/4/2017 13:47, Rodney W. Grimes wrote:
>> On 5/4/2017 12:12, Rodney W. Grimes wrote:
Consider the following network configuration.
Internet --- Gateway/Firewall -- Inside network (including a
web host)
70.16.10.1/28 192.168.0.0/24
On 5/4/2017 12:48, Dr. Rolf Jansen wrote:
> Resolving this with ipfw/NAT may easily become quite complicated, if not
> impossible if you want to run a stateful nat'ting firewall, which is usually
> the better choice.
>
> IMHO a DNS based solution is much more effective.
>
> On my gateway I have
On 5/4/2017 12:12, Rodney W. Grimes wrote:
>> Consider the following network configuration.
>>
>>
>> Internet --- Gateway/Firewall -- Inside network (including a
>> web host)
>> 70.16.10.1/28 192.168.0.0/24
>>
>> The address of the outside is FICTIONAL, by the way.
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is FICTIONAL, by the way.
>
> For policy reasons I do NOT want the gateway
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is