Standard inetd(8) has many options, including limiting connections based on IP address. Can it help in this case?
20.09.2011, 00:02, "James Strother" <jstrother9...@gmail.com>:
> That's an interesting project, I hadn't realized port knocking had
> become so easy to use.
>
> Unfortunately, for this particular server, I need to be able to
> provide a simple way for (a very limited number of) users to log in
> to the system remotely using a variety of OS platforms. So I don't
> think port knocking is a good fit here.
>
> Thanks,
> Jim
>
> 2011/9/19 Григорьев Александр <mr.fes...@yandex.ru>:
>
>> If your target is to protect a FreeBSD box from password brute-forcing
>> from the Internet, maybe security/knockd will help you?
>>
>> 19.09.2011, 23:05, "James Strother" <jstrother9...@gmail.com>:
>>> Does anyone know a good way of limiting the number of ssh attempts
>>> from a single IP address?
>>>
>>> I found the following website, which describes a variety of approaches:
>>>
>>> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
>>>
>>> But I am honestly not really happy with any of them. Continuously
>>> polling log files for regex hits seems...well, crude. Just to give you
>>> an idea of what I mean, here were some of the issues I had. The
>>> sshd-scan.sh script allows IPs to be reinstated, but the timing is
>>> dependent on how frequently you rotate logs. sshguard has a pretty
>>> website, but I can't actually find much useful documentation on how to
>>> configure it. fail2ban looks like it might work with sufficient work,
>>> but the defaults are terrible. By default, every time an IP is
>>> reinstated, all IPs are reinstated. Not to mention, at present I
>>> can't seem to get it to trigger any hits.
>>>
>>> I suppose I could keep shopping, but the truth is I just think polling
>>> log files is the wrong way to solve the problem. Anything based on
>>> this approach is going to have a long latency and be highly dependent
>>> on the unspecified and unstable formatting of log files (see
>>> http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
>>> and the troubles an exclamation point can cause).
>>>
>>> I would much, much rather do something like this:
>>>
>>> http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
>>>
>>> Does anyone know a way to do something similar with ipfw?
>>>
>>> Thanks in advance,
>>> Jim
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to
>>> "freebsd-questions-unsubscr...@freebsd.org"
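As an added illustration (not code from anyone in this thread) of the two log-free approaches discussed above, the ipfw per-source limit asked about in the quoted message and the inetd per-IP limit raised in the reply: the rule numbers, the session cap of 3 and the inetd limits of 10 children and 3 connections per IP per minute are assumed values. Note that ipfw's `limit src-addr` caps concurrent SSH sessions per source address; it does not count failed logins over a time window the way the iptables "recent" recipe does, which is what the inetd per-minute field adds when sshd is run from inetd.

```shell
#!/bin/sh
# Per-source limits for sshd on FreeBSD without polling logs.
# Assumed values: rule numbers 1000-1020, 3 concurrent sessions per source,
# inetd max-child 10 and 3 connections per IP per minute.

# ipfw: "limit src-addr N" installs a dynamic rule per source address and
# drops the connection attempt once that source already has N open SSH
# sessions. check-state must come first so packets of existing sessions
# match their dynamic rule before reaching the final deny.
ssh_limit_rules() {
    cap=${1:-3}
    cat <<EOF
ipfw -q add 1000 check-state
ipfw -q add 1010 allow tcp from any to me 22 setup limit src-addr $cap
ipfw -q add 1020 deny tcp from any to me 22
EOF
}

# inetd.conf: the wait/nowait field accepts
# nowait/max-child/max-connections-per-ip-per-minute, so inetd itself
# limits how often one IP address may connect per minute; "sshd -i"
# tells sshd it was started by inetd.
inetd_ssh_line() {
    max_child=${1:-10}
    per_ip_per_min=${2:-3}
    printf 'ssh\tstream\ttcp\tnowait/%s/%s\troot\t/usr/sbin/sshd\tsshd -i\n' \
        "$max_child" "$per_ip_per_min"
}

# Apply the ipfw rules only when explicitly requested (needs root and the
# ipfw module loaded); otherwise the script just defines the two functions.
if [ "${SSH_LIMIT_APPLY:-0}" = 1 ]; then
    ssh_limit_rules 3 | sh
fi
```

Run `ssh_limit_rules` to review the rules, and append the output of `inetd_ssh_line` to /etc/inetd.conf only if you move sshd under inetd; the inetd limits do nothing for a standalone sshd.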