Re: "ssh" attacks
From: Matthias Kilian (kili outback.escape.de)
Date: Wed May 31 2006 - 14:01:35 CDT
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
> block in on Outsize proto tcp port ssh flags S/SA
> state (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
>
> This does not work. One gets a message that keeping state on
> a blocked run makes no sense.
See the example on overload at
http://www.openbsd.org/faq/pf/filter.html#stateopts
Basically, you pass and just block everything from <bad_hosts> in a
separate rule.
Ciao,
Kili
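
The arrangement described in the reply above, written out as a pf.conf fragment. This is an added example, not part of the original message or the linked FAQ text; the `ext_if` macro and its value are assumptions, while the table name and the 100/10 rate come from the quoted rule.

```pf
# Added example (not from the original thread).
# Assumption: ext_if names the outside interface; adjust to the real one.
ext_if = "em0"

# The table must exist before a rule can overload into it.
# "persist" keeps it around even when it is empty.
table <bad_hosts> persist

# State options such as max-src-conn-rate only make sense on a rule that
# creates state, which is why pf rejects them on a block rule. The block
# therefore lives in its own rule, keyed on the table. "quick" stops rule
# evaluation so a later pass rule cannot let the host back in.
block in quick on $ext_if from <bad_hosts>

# Pass ssh and track state per source. A source that opens more than
# 100 connections within 10 seconds is added to <bad_hosts>; "flush global"
# then kills its existing states, including ones created by other rules.
pass in on $ext_if proto tcp from any to any port ssh flags S/SA \
    keep state (max-src-conn-rate 100/10, overload <bad_hosts> flush global)

# Checks after loading:
#   pfctl -nf /etc/pf.conf          parse the ruleset without loading it
#   pfctl -t bad_hosts -T show      list addresses currently in the table
```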