NetBSD-Users archive
Re: help? fighting ssh user/password guessing attempts
On Wed, 15 Oct 2008 20:42:37 +0200
"Thomas Feddersen" <thomas.feddersen%t-online.de@localhost> wrote:
> [...]
> My research has brought up several programs / daemons that parse the
> authlog file at certain time intervals and adjust the firewall
> accordingly. Among them are fail2ban, denyhost, OSsec, and blockhosts.
>
You can also enable pf (the OpenBSD packet filter) and put the following
in your /etc/pf.conf file:
table <ssh_blacklist> persist
block in quick from <ssh_blacklist>
pass in on $ext_if inet proto tcp from any to any port ssh keep state \
(max-src-conn 4, max-src-conn-rate 8/10, overload <ssh_blacklist> \
flush global)
Adjust max-src-conn and max-src-conn-rate accordingly. You might also
want to put the following in your crontab:
@daily /sbin/pfctl -t ssh_blacklist -T expire 86400
to have older entries removed from the table.
Thomas
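The pf rule above fills <ssh_blacklist> from connection rate alone, which is what the original question was trying to get from a log parser. The two approaches combine: the same table can also be fed from authlog, fail2ban-style, and the daily `pfctl -T expire` then ages out both kinds of entries. The script below is an added example, not code from the thread or from NetBSD; it assumes the <ssh_blacklist> table name from the pf.conf above and the standard OpenSSH "Failed password ... from <ip>" authlog format. The log excerpt is constructed for the demo (192.0.2.0/24 is a documentation range), and the pfctl commands are printed rather than executed so the script runs on any POSIX sh without pf.

```shell
#!/bin/sh
# Added example, not from the original post. Log-driven feeder for the
# same <ssh_blacklist> pf table used by the overload rule in the reply.
# Assumes OpenSSH "Failed password" lines as written to /var/log/authlog.

# Constructed sample authlog excerpt (not real traffic; 192.0.2.0/24 is a
# documentation range).
SAMPLE_LOG='Oct 15 20:42:37 gw sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 54321 ssh2
Oct 15 20:42:39 gw sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 54322 ssh2
Oct 15 20:42:41 gw sshd[1236]: Failed password for root from 192.0.2.10 port 54323 ssh2
Oct 15 20:42:50 gw sshd[1240]: Accepted publickey for thomas from 192.0.2.77 port 40000 ssh2
Oct 15 20:43:02 gw sshd[1241]: Failed password for invalid user test from 192.0.2.10 port 54330 ssh2
Oct 15 20:43:10 gw sshd[1242]: Failed password for thomas from 192.0.2.77 port 40001 ssh2'

# offenders <threshold>
# Reads authlog lines on stdin and prints, one per line and sorted, every
# source address with at least <threshold> failed password attempts.
# Only sshd "Failed password" lines are counted; accepted logins and
# other daemons' messages are ignored.
offenders() {
    awk -v limit="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= limit) print ip }
    ' | sort
}

# blacklist_cmds <threshold>
# Turns the offender list into one pfctl table-add command per address.
# The commands are printed, not run, so this works without pf present;
# on the firewall, pipe the output into sh to apply it. Entries added this
# way are aged out by the same "pfctl -t ssh_blacklist -T expire 86400"
# cron job as the ones the overload rule adds.
blacklist_cmds() {
    offenders "$1" | while read -r ip; do
        printf '/sbin/pfctl -t ssh_blacklist -T add %s\n' "$ip"
    done
}

# Demo on the constructed log: block anything with 3 or more failures.
# For a real run, replace the sample with: tail -n 1000 /var/log/authlog
printf '%s\n' "$SAMPLE_LOG" | blacklist_cmds 3
```

The threshold is deliberately per address, not per user: a guesser that rotates usernames still shares one source address, which is what the pf table keys on. Keep the threshold above the number of typos a legitimate user might make before the daily expire clears them.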