Protecting SSH from brute force attacks

Vulpes Velox v.velox at vvelox.net
Thu Oct 7 17:24:41 PDT 2004


On Thu, 7 Oct 2004 15:15:25 -0700 (PDT)
Luke <luked at pobox.com> wrote:

> There are several script kiddies out there hitting my SSH server
> every day.  Sometimes they attempt to brute-force their way in
> trying new logins every second or so for hours at a time.  Given
> enough time, I fear they will eventually get in.
> Is there anything I can do to hinder them?
> 
> I'd like to ban the IP after 50 failed attempts or something.  I'd
> heard that each failed attempt from a source was supposed to make
> the daemon respond slower each time, thus limiting the usefulness of
> brute force attacks, but I'm not seeing that behavior.

I forget where in /etc it is, but look into setting up something that
allows a certian number of failed logins before locking that IP/term
out for a few minutes.... and if it is constantly from the same place
look into calling their ISP or the like.

Or in a few cases, like I have done in a few cases, and a deny from
any to any for that chunk of the net...

man login.conf for more info :)


More information about the freebsd-questions mailing list