preventing ssh brute force attacks, swatch and users and table

Andrei Kolu antik at pcbsd.org
Tue Apr 24 19:02:51 UTC 2007


On Tuesday 24 April 2007 21:00:41 Dave wrote:
> Hello,
>     I've got a machine running ssh and I'm trying to cut down on brute
> force attacks on it. I'm running pf on a FreeBSD 6.2 box and have added in
> swatch to try to curb these attacks. The problem is nothing is being added
> to either the memory hackers table nor the on-disk copy of it. I know I'm
> getting hits because I'm seeing entries in my auth.log like this:
>
> Apr 21 06:18:38 zeus sshd[10609]: Did not receive identification string
> from 125.33.163.188

I managed to cut down attacks and block IPs with denyhosts:

Port:   denyhosts-2.6
Path:   /usr/ports/security/denyhosts
Info:   Script to thwart ssh attacks

Currently I block attackers for 10 minutes and then release the IP, in case
someone is using NAT and the block locks all other users out of that network.
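
An added sketch, not part of the original post and not denyhosts' own code, of the timed-block idea described in the reply: count sshd failures per source address in auth.log lines and hold each block for 10 minutes before release. The threshold of 3, the `year` argument, the function names and the sample lines are assumptions constructed for the illustration.

```python
import re
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(minutes=10)   # release time stated in the reply
THRESHOLD = 3                       # assumed: hits before an address is blocked

# Constructed sample lines in the auth.log format quoted above (documentation IPs).
SAMPLE = """\
Apr 21 06:18:38 zeus sshd[10609]: Did not receive identification string from 203.0.113.7
Apr 21 06:18:40 zeus sshd[10611]: Failed password for root from 203.0.113.7 port 4022 ssh2
Apr 21 06:18:41 zeus sshd[10612]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Apr 21 06:19:02 zeus sshd[10620]: Failed password for dave from 198.51.100.9 port 5110 ssh2
Apr 21 06:19:30 zeus sshd[10633]: Accepted password for dave from 198.51.100.9 port 5111 ssh2
""".splitlines()

# Timestamp, host, sshd[pid], one of two failure messages, then the source IPv4.
PATTERN = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Did not receive identification string|Failed password for (?:invalid user )?\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})\b")

def scan(lines, year=2007):
    """Return {ip: release_time} for sources that reached THRESHOLD hits.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    Hits are counted over the whole input, with no sliding window.
    """
    hits, blocked = {}, {}
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        hits[ip] = hits.get(ip, 0) + 1
        if hits[ip] >= THRESHOLD:
            # Each further hit pushes the release time out again.
            blocked[ip] = when + BLOCK_FOR
    return blocked

def active_blocks(blocked, now):
    """Addresses whose block has not yet expired at time `now`."""
    return sorted(ip for ip, until in blocked.items() if now < until)

if __name__ == "__main__":
    table = scan(SAMPLE)
    print(active_blocks(table, datetime(2007, 4, 21, 6, 20, 0)))
```

The single failed login from 198.51.100.9 stays below the threshold, which is the same reason the reply gives for releasing blocks: one address may stand for many legitimate users behind NAT.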


More information about the freebsd-pf mailing list