On 20/08/06, Chris <[EMAIL PROTECTED]> wrote:
I'm maintaining a patch for OpenSSH portable that allows configurable
blocking (firewalling, ipfw, ipf, iptables) of such bruteforce attempts. I
will post it if anyone is interested in it.
Daniel Gerzo wrote:
> Hello Pieter,
>
> Saturday, August 19, 200
I'm maintaining a patch for OpenSSH portable that allows configurable
blocking (firewalling, ipfw, ipf, iptables) of such bruteforce attempts. I
will post it if anyone is interested in it.
Daniel Gerzo wrote:
> Hello Pieter,
>
> Saturday, August 19, 2006, 9:48:49 PM, you wrote:
>
>
>> Gang,
>>
Hello Pieter,
Saturday, August 19, 2006, 9:48:49 PM, you wrote:
> Gang,
> For months now, we're all seeing repeated bruteforce attempts on SSH.
> I've configured my pf install to ratelimit TCP connections to port 22
> and to automatically add IP-addresses that connect too fast to a table
> tha
Take a look at /usr/ports/security/bruteforceblocker. It monitors the
system log for failed ssh logins, and blocks the sites via pf. It's
reasonably configurable, and works very well. I've been running it for
months without trouble.
Note that it lets you whitelist specific hosts to prevent
On Sat, 19 Aug 2006, Pieter de Boer wrote:
Gang,
For months now, we're all seeing repeated bruteforce attempts on SSH. I've
configured my pf install to ratelimit TCP connections to port 22 and to
automatically add IP-addresses that connect too f
On 8/19/06, Pieter de Boer <[EMAIL PROTECTED]> wrote:
This works as expected, IP-addresses are added to the 'lamers'-table
every once in a while.
However, there apparently are SSH bruteforcers that simply use one
connection to perform a brute-force attack:
Aug 18 00:00:01 aberdeen sshd[87989]:
Gang,
For months now, we're all seeing repeated bruteforce attempts on SSH.
I've configured my pf install to ratelimit TCP connections to port 22
and to automatically add IP-addresses that connect too fast to a table
that's filtered:
table <lamers> { }
block quick from <lamers> to any
pass in quick on $e