I've looked around and found several Linux-centric things designed to block brute-force SSH attempts. Anyone out there know of something a bit more BSD savvy?

I've found a few things based on OpenBSD's pf, but that doesn't seem to be the default in BSD either.

Any response appreciated.

If using pf, you can write rules like (original is one line):

    pass in on $ext_if proto tcp from any to $ext_if port $tcp_login \
        flags S/SA keep state \
        (max-src-conn-rate 6/25, overload <bad_hosts> flush global)

The rule follows traffic in ssh port (aliased $tcp_login in my config)
and in this case if the connection attempts exceed 6 in 25 seconds,
the offending IP is moved into "bad_hosts" table and ruleset is
flushed to get the blocking effective. The conn attempt/time ratio can
be about anything, I've found the one used good enough.

Then in the top of ruleset I have the following (the filtering rule from above is further down):

    block in quick on $ext_if from <bad_hosts>

The bad host table is initialised in my ruleset like this:

    table <bad_hosts> persist { }

Just remember to put it into the right section of pf.conf.

pf is neat, thanks for the dev effort of getting it into FreeBSD kernel!

-Reko
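
The behaviour described in the reply above, modelled as an added example (not part of the original post and not pf code): a plain per-source sliding window stands in for `max-src-conn-rate 6/25`, and a Python set stands in for the `<bad_hosts>` table. pf's own rate accounting may differ in detail; the class name, sample addresses and timings are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_CONN, WINDOW = 6, 25   # from the rule: max-src-conn-rate 6/25


class RateOverload:
    """Simplified model: sliding window per source, overload into a table."""

    def __init__(self, max_conn=MAX_CONN, window=WINDOW):
        self.max_conn = max_conn
        self.window = window
        self.recent = defaultdict(deque)   # src -> timestamps of recent attempts
        self.bad_hosts = set()             # stands in for table <bad_hosts>

    def connect(self, ts, src):
        """Return 'block' or 'pass' for a new connection at time ts (seconds)."""
        if src in self.bad_hosts:          # block in quick ... from <bad_hosts>
            return "block"
        q = self.recent[src]
        while q and ts - q[0] >= self.window:
            q.popleft()                    # forget attempts outside the window
        q.append(ts)
        if len(q) > self.max_conn:         # rate exceeded: overload <bad_hosts>
            self.bad_hosts.add(src)
            del self.recent[src]           # stop tracking it, as the flush would
            return "block"
        return "pass"


def replay(events):
    """Run (timestamp, source) pairs through the model, return verdicts."""
    fw = RateOverload()
    return [(ts, src, fw.connect(ts, src)) for ts, src in events], fw.bad_hosts


# Constructed sample: a burst of 8 attempts, one every 2 s, from 203.0.113.9,
# and an admin at 198.51.100.7 opening 3 sessions within a minute.
SAMPLE = sorted([(t, "203.0.113.9") for t in range(0, 16, 2)] +
                [(1, "198.51.100.7"), (20, "198.51.100.7"), (50, "198.51.100.7")])

if __name__ == "__main__":
    verdicts, table = replay(SAMPLE)
    for ts, src, v in verdicts:
        print(f"{ts:>3}s {src:<14} {v}")
    print("bad_hosts:", sorted(table))
```

Replaying your own sshd connection timestamps through `replay` is a quick way to check that a chosen ratio would not catch legitimate users before loading it into pf.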