Hi,
I am running OpenBSD 3.7-stable, pretty standard install, spamd
greylisting, httpd, sendmail. Going over my log files, I have noticed
that I am more and more coming under attach with dictionary based login
attempts to the SSH port.
I tried to search the mail list, but I can't seem to find any magic
combination of words that would reveal the secret to me. Reading
pf.conf(5) didn't shed any light either..
Tonight I got 800+ attempts from the same IP. I played with manually
blocking the IP, but it was over before I got the firewall rules written
and looked over them twice.
Is there any way to block/limit the number of connections to a port in a
given time period? I was getting around 5 connects per second from the
same IP/PORT (in Hungary :-( ).
I can't think how this would work... unless there was a generic program
like spamd in greylisting mode... But I'm not the first person to have
this problem, so there's likely a solution! Can anyone shed some light?
Cheers,
Steve Williams
- Blocking many accesses to ssh port from single ... Steve Williams
-
