On Fri, 1 Feb 2008, Matt wrote:

> From: Matt <[EMAIL PROTECTED]>
> To: Chris <[EMAIL PROTECTED]>
> Cc: OpenBSD Misc <misc@openbsd.org>
> Date: Fri, 01 Feb 2008 09:25:02 +0100
> Subject: Re: avoid logging useless ssh brute force attempts
> 

...

> One of the suggestions I have seen on this list is to enable
> pf and add a max-src-connection rate for ssh.  So if someone
> connects, say 4 times within 30 seconds, you block them.  It will
> not stop the first attempts from being logged but after that you
> are in the clear.

As Peter has pointed out:

http://home.nuug.no/~peter/pf/en/bruteforce.html

is an excellent starting point for setting this up.  That's
where I started from.

> Make sure you empty the table with attackers once in a while though.

See:

/usr/ports/sysutils/expiretable

for an easy way to set this up, either as a daemon process or run out
of cron.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
[EMAIL PROTECTED]               Phone: +44 1225 386101
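
The rate limit described in the quoted message, written out as a pf.conf fragment. This is an added example, not part of the original thread or of the linked tutorial. The interface name, macro name and table name are assumptions; the 4-connections-in-30-seconds threshold is the one quoted above.

```conf
# Added example. Assumptions: interface em0, macro ext_if, table <bruteforce>.
ext_if = "em0"

# Offending source addresses are collected here. "persist" keeps the
# table in existence even when no rule currently references it.
table <bruteforce> persist

# Drop everything from listed sources. "quick" stops rule evaluation,
# so the later pass rule can never re-admit them.
block in quick on $ext_if from <bruteforce>

# Allow ssh, but track each source address:
#   max-src-conn-rate 4/30  more than 4 new connections in 30 seconds
#   overload <bruteforce>   puts the source address into the table
#   flush global            also kills that source's existing states
# The limit counts connections that completed the TCP handshake, so a
# spoofed source address cannot be used to get a third party listed.
pass in on $ext_if inet proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 4/30, overload <bruteforce> flush global)

# Emptying the table: besides the expiretable port mentioned above,
# pfctl itself can expire old entries. Constructed root crontab line,
# assuming a 24-hour retention (86400 seconds), run once an hour:
#
#   0 * * * *  /sbin/pfctl -t bruteforce -T expire 86400
#
# As noted in the thread, the first few attempts from a source are
# still logged by sshd; only later connections are dropped by pf.
```

After editing, reload the ruleset with `pfctl -f /etc/pf.conf` and list the currently blocked addresses with `pfctl -t bruteforce -T show`.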
