From: Dennis Davis (D.H.Davis bath.ac.uk)
Date: Fri Feb 01 2008 - 04:30:25 CST
On Fri, 1 Feb 2008, Matt wrote:
> From: Matt <openbsd women-at-work.org>
> To: Chris <atstake gmail.com>
> Cc: OpenBSD Misc <misc openbsd.org>
> Date: Fri, 01 Feb 2008 09:25:02 +0100
> Subject: Re: avoid logging useless ssh brute force attempts
>
...
> One of the suggestions I have seen on this list is to enable
> pf and add a max-src-connection rate for ssh. So if someone
> connects, say 4 times within 30 seconds, you block them. It will
> not stop the first attempts from being logged but after that you
> are in the clear.
As Peter has pointed out:
http://home.nuug.no/~peter/pf/en/bruteforce.html
is an excellent starting point for setting this up. That's
where I started from.
> Make sure you empty the table with attackers once in a while though.
See:
/usr/ports/sysutils/expiretable
for an easy way to set this up, either as a daemon process or run out
of cron.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis bath.ac.uk Phone: +44 1225 386101
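
A pf.conf sketch of the setup discussed in this thread, added here as an example and not taken from either poster or from the linked tutorial. The table name `bruteforce`, the `egress` interface group and the 24-hour expiry are assumptions; the 4 connections in 30 seconds figure is the one Matt mentions.

```conf
# /etc/pf.conf fragment (constructed example; table name, interface
# group and expiry age are assumptions, adjust to the local ruleset)

# Offending source addresses are collected in this table.
table <bruteforce> persist

# Drop everything from addresses already in the table.
block in quick from <bruteforce>

# Allow ssh, but move any source that makes more than 4 connections
# within 30 seconds into <bruteforce> and kill its existing states.
pass in on egress inet proto tcp to port ssh flags S/SA keep state \
    (max-src-conn-rate 4/30, overload <bruteforce> flush global)

# Table maintenance, run by hand or from root's crontab:
#   pfctl -t bruteforce -T show           # list current entries
#   pfctl -t bruteforce -T expire 86400   # drop entries older than 24 hours
# With the expiretable port instead, running as a daemon:
#   expiretable -v -d -t 24h bruteforce
```

The rate limit only counts connections that have completed the TCP handshake, so the first few attempts from a new source still reach sshd and are logged before the overload rule takes effect.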