I second that. I have been doing the same thing (except running an
OpenBSD firewall that blocks the offenders via pf) and it works like a
charm.
A
Jonathan Franks wrote:
On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
In my auth log I see a lot of brute force attempts to log in via ssh.
Is there a way I can have the box automatically kill any tcp/ip
connectivity to hosts that try and fail a given number of times? Is
there a port or something that I can install to give this kind of
protection. I'm still kind of a FreeBSD newbie.
If you are using PF, you can use source tracking to drop the offenders
into a table... perhaps after a certain number of attempts in a given
time (say, 5 in a minute). Once you have the table you're in
business... you can block based on it... and then set up a cron job to
copy the table to disk every so often (perhaps once every two
minutes). It works very well for me, YMMV.
If you don't want to block permanently, you could use cron to flush
the table every so often too... I don't bother though.
-Jonathan
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
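
The setup described in the quoted message (source tracking, an overload table, a block rule and cron jobs), written out as a pf.conf fragment. This is an added example, not part of the original thread; the interface name, table name, file path and cron schedule are assumptions.

```conf
# /etc/pf.conf fragment (added example; names and paths are assumptions)
ext_if = "em0"                      # assumed external interface

# Table of offending sources. "persist" keeps the table even when empty;
# "file" reloads previously saved addresses whenever the ruleset is loaded.
table <bruteforce> persist file "/etc/pf.bruteforce"

# Drop everything from listed sources before any pass rule is evaluated.
block in quick on $ext_if from <bruteforce>

# Source tracking on ssh: a single address opening more than 5 connections
# in 60 seconds is added to the table, and "flush global" kills the states
# it already holds. pf counts completed TCP handshakes here, not failed
# logins, so pick a rate that legitimate users and scripts stay under.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <bruteforce> flush global)

# root crontab entries that go with the rules above:
#
# save the table to disk every two minutes
#   */2 * * * * /sbin/pfctl -t bruteforce -T show > /etc/pf.bruteforce
#
# optional, instead of blocking permanently: drop entries older than a day
#   0 * * * *   /sbin/pfctl -t bruteforce -T expire 86400
```

The file named in the table definition has to exist (it can be empty) before the ruleset is loaded, and `pfctl -nf /etc/pf.conf` checks the syntax without loading it.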