|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: SSH scans vs connection ratelimiting
From: Pieter de Boer (pieter
thedarkside.nl)
Date: Sun Aug 20 2006 - 07:50:08 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lyndon Nerenberg wrote:
> Take a look at /usr/ports/security/bruteforceblocker. It monitors the
> system log for failed ssh logins, and blocks the sites via pf. It's
> reasonably configurable, and works very well. I've been running it for
> months without trouble.
I've written a similar script which worked okay for the most part.
Probably not as fancy, but a la.
Point is, I'd prefer to:
1) Know why the attack still works although I'm ratelimiting to 3
connections per minute and MaxAuthTries is set to 3 (but if it was still
the default value 6, it should've triggered, too)
2) Fix it at the root cause, probably OpenSSH?
--
Pieter
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]