Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Peter N. M. Hansteen
peter at bgnett.no
Tue Nov 14 07:39:20 UTC 2006
Erik Norgaard <norgaard at locolomo.org> writes:
> Honestly, I wouldn't worry about it: review your config and make some
> simple choices to reduce the noise, see this article:
One other noise reduction method which is really easy to implement is
to use pf and write arule set which to uses the overload feature, see
eg http://home.nuug.no/~peter/pf/en/bruteforce.html (part of my
EuroBSDCon and other places tutorial).
See http://home.nuug.no/~peter/pf/ for a choice of formats and languages.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds
More information about the freebsd-questions
mailing list