What I did was simply set the firewall rule advanced settings. Here I set "2 Maximum new connections / 60 seconds".
Looking at the rule, I'm not sure if it checks for multiple connections from the same host, or just for multiple connections in general.
Technically I guess this means that a malicious person could lock me out by just connecting frequently... but I have never ever been prevented from logging in (except for the time I tested if the rule worked) so I'm not too worried about that.

Regards,
-Jeppe

On Tue, Sep 2, 2008 at 7:13 AM, Aliet Santiesteban Sifontes <[EMAIL PROTECTED]> wrote:
> I'm interested in this solution, can you explain how you did this??
> best regards
>
> 2008/8/31, Jeppe Øland <[EMAIL PROTECTED]>:
>> Hi,
>>
>> I just set up the firewall hole for SSH to block if more than a few
>> connections were made from the same host within a minute or so.
>> All the brute-force attacks disappeared after that.
>>
>> Regards,
>> -Jeppe
>>
>> On Sat, Aug 30, 2008 at 4:02 PM, Igor <[EMAIL PROTECTED]> wrote:
>> > Hi :)
>> >
>> > Christian: The fail2ban is a very nice tool... but I'm looking for
>> > something integrated with pfSense to control banned hosts... but I'll
>> > make some tests :D
>> >
>> > Chris: Thanks for your reply.. but I really need SSH opened because
>> > I've some clients with dynamic IP.. or I change SSH port and change
>> > all clients.. or I block bad users into server.
>> >
>> > Thanks again for all
>> >
>> > Igor
>> >
>> > On Sat, Aug 30, 2008 at 18:38, Christian Veith <[EMAIL PROTECTED]> wrote:
>> >> Igor wrote:
>> >>>
>> >>> Hello people,
>> >>>
>> >>> I guess all servers with ssh enabled on the default port have problems with
>> >>> brute force.. and it isn't different on my server :)
>> >>>
>> >>> And after a lot of failed tries my "system.log" gets corrupted..
>> >>> like:
>> >>>
>> >>> [EMAIL PROTECTED] ~]# tail -n3 /var/log/system.log
>> >>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Invalid user guest from
>> >>> 200.128.80.174
>> >>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Failed password for invalid
>> >>> user guest from 200.128.80.174 port 56056 ssh2
>> >>> Aug 30 15:44:22 bzrouter01 sshd[58328]: Invalid user master from
>> >>> 200.128.CLOG?S|[EMAIL PROTECTED] ~]#
>> >>>
>> >>> I've two questions:
>> >>>
>> >>> 1) Is there a simple way to detect and block brute force? I read in
>> >>> some place to use snort... and I've installed it and I guess it is
>> >>> configured correctly, but it doesn't block anyone.
>> >>>
>> >>> 2) Is this error on "system.log" normal?
>> >>>
>> >>> Thanks in advance
>> >>>
>> >>> Igor Macedo
>> >>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >>> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>>
>> >>
>> >> Hi Igor,
>> >>
>> >> I'm using fail2ban on my linux boxes at present. You can find it at
>> >> fail2ban.org
>> >>
>> >> it's watching the syslog auth facility of the syslog for given regex
>> >> matches
>> >> and blocks them via pf or iptables.
>> >>
>> >> maybe that's something for you.
>> >>
>> >> kind regards
>> >>
>> >> Christian
>> >>
>> >> ( [EMAIL PROTECTED] ) not real don't use.
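
The log-watching approach Christian describes (match failed logins in syslog, count them per source address, hand repeat offenders to the firewall) can be sketched as follows. This is an added example, not fail2ban's code and not part of the original thread; the hostname `fw01`, the addresses, and the `max_retry`/`find_time` defaults are constructed for illustration. It also skips a truncated line like the one in the corrupted log quoted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password" syslog lines in the format quoted in the thread.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_offenders(lines, max_retry=3, find_time=60, year=2008):
    """Return {ip: time of the failure that crossed the threshold}.

    An address is flagged once it produces max_retry failed logins within
    find_time seconds. Lines that do not match the whole pattern, including
    truncated or corrupted ones, are ignored rather than guessed at.
    """
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)  # ip -> timestamps of its recent failures
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # drop failures that fell out of the window
            hits.popleft()
        if len(hits) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

# Constructed sample input; addresses come from documentation ranges.
SAMPLE_LOG = [
    "Aug 30 15:40:00 fw01 sshd[100]: Failed password for root from 198.51.100.20 port 40001 ssh2",
    "Aug 30 15:41:30 fw01 sshd[101]: Failed password for root from 198.51.100.20 port 40002 ssh2",
    "Aug 30 15:43:10 fw01 sshd[102]: Failed password for root from 198.51.100.20 port 40003 ssh2",
    "Aug 30 15:44:22 fw01 sshd[200]: Invalid user guest from 203.0.113.7",
    "Aug 30 15:44:22 fw01 sshd[200]: Failed password for invalid user guest from 203.0.113.7 port 56056 ssh2",
    "Aug 30 15:44:25 fw01 sshd[201]: Failed password for invalid user master from 203.0.CLOG",  # truncated
    "Aug 30 15:44:27 fw01 sshd[202]: Failed password for invalid user admin from 203.0.113.7 port 56060 ssh2",
    "Aug 30 15:44:31 fw01 sshd[203]: Failed password for invalid user test from 203.0.113.7 port 56064 ssh2",
]
```

With the defaults only 203.0.113.7 is flagged: 198.51.100.20 also fails three times, but its attempts are spread over more than 60 seconds, so it is caught only with a longer `find_time`.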
