On Thu, 4 May 2017 23:46:21 +0200, Marco van Tol wrote:
> Possibly this question pops up regularly. I have tried to find the
> answer myself and have been unable to so far.
>
> My current way to drastically slow down ssh brute force attacks is by
> using the pf feature "max-src-conn-rate
Hi there,
Possibly this question pops up regularly. I have tried to find the answer
myself and have been unable to so far.
My current way to drastically slow down ssh brute force attacks is by using the
pf feature "max-src-conn-rate" with an argument of 5/60 meaning only 5 syn
packets are al
On 5/4/2017 14:44, Rodney W. Grimes wrote:
>> On 5/4/2017 13:47, Rodney W. Grimes wrote:
On 5/4/2017 12:12, Rodney W. Grimes wrote:
>> Consider the following network configuration.
>>
>>
>> Internet --- Gateway/Firewall -- Inside network (including a
>> web ho
> On 5/4/2017 13:47, Rodney W. Grimes wrote:
> >> On 5/4/2017 12:12, Rodney W. Grimes wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.1
On 5/4/2017 13:47, Rodney W. Grimes wrote:
>> On 5/4/2017 12:12, Rodney W. Grimes wrote:
Consider the following network configuration.
Internet --- Gateway/Firewall -- Inside network (including a
web host)
70.16.10.1/28 192.168.0.0/24
>
> On 5/4/2017 12:12, Rodney W. Grimes wrote:
> >> Consider the following network configuration.
> >>
> >>
> >> Internet --- Gateway/Firewall -- Inside network (including a
> >> web host)
> >> 70.16.10.1/28 192.168.0.0/24
> >>
> >> The address of the outside is FICTI
On 5/4/2017 12:48, Dr. Rolf Jansen wrote:
> Resolving this with ipfw/NAT may easily become quite complicated, if not
> impossible if you want to run a stateful nat'ting firewall, which is usually
> the better choice.
>
> IMHO a DNS based solution is much more effective.
>
> On my gateway I have r
On 5/4/2017 12:12, Rodney W. Grimes wrote:
>> Consider the following network configuration.
>>
>>
>> Internet --- Gateway/Firewall -- Inside network (including a
>> web host)
>> 70.16.10.1/28 192.168.0.0/24
>>
>> The address of the outside is FICTIONAL, by the way.
>>
Resolving this with ipfw/NAT may easily become quite complicated, if not
impossible if you want to run a stateful nat'ting firewall, which is usually
the better choice.
IMHO a DNS based solution is much more effective.
On my gateway I have running the caching DNS resolver Unbound. Now let's
as
> On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
>
> > Consider the following network configuration.
> >
> >
> > Internet --- Gateway/Firewall -- Inside network (including a
> > web host)
> > 70.16.10.1/28 192.168.0.0
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is FICTIONAL, by the way.
>
> For policy reasons I do NOT want the gateway m
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is FICTIONAL, by the way.
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is FICTIONAL, by the way.
Consider the following network configuration.
Internet --- Gateway/Firewall -- Inside network (including a
web host)
70.16.10.1/28 192.168.0.0/24
The address of the outside is FICTIONAL, by the way.
For policy reasons I do NOT want the gateway machine to actually h