[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH scans vs connection ratelimiting

To: Pieter de Boer <pieter_(_at_)_thedarkside_(_dot_)_nl>
Subject: Re: SSH scans vs connection ratelimiting
From: Lyndon Nerenberg <lyndon_(_at_)_orthanc_(_dot_)_ca>
Date: Sat, 19 Aug 2006 14:31:58 -0700 (PDT)
Cc: freebsd-security_(_at_)_freebsd_(_dot_)_org
Organization: The Frobozz Magic Homing Pigeon Company

Take a look at /usr/ports/security/bruteforceblocker. It monitors thesystem log for failed ssh logins, and blocks the sites via pf. It'sreasonably configurable, and works very well. I've been running it formonths without trouble.

Note that it lets you whitelist specific hosts to prevent against someoneDOSing you by forging your IP address.


--lyndon
_______________________________________________
freebsd-security_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe_(_at_)_freebsd_(_dot_)_org"

Follow-Ups:
- Re: SSH scans vs connection ratelimiting
  - From: Pieter de Boer

References:
- SSH scans vs connection ratelimiting
  - From: Pieter de Boer

Prev by Date: Re: SSH scans vs connection ratelimiting
Next by Date: Re: SSH scans vs connection ratelimiting
Previous by thread: Re: SSH scans vs connection ratelimiting
Next by thread: Re: SSH scans vs connection ratelimiting
Index(es):
- Date
- Thread

Visit your host, monkey.org