Re: [OT] SSH throttle - security

To: Donald Lee <MacPPC2%caution.icompute.com@localhost>
Subject: Re: [OT] SSH throttle - security
From: "Bruce O'Neel" <netbsd%pckswarms.ch@localhost>
Date: Tue, 27 Jan 2009 22:20:14 +0100

Hi,

pf, the packet filter from OpenBSD, can easily do this.
I believe the NetBSD one is new enough to have these options.

An example is at http://my.opera.com/TMS/blog/show.dml/194002

There is another article at http://www.bgnett.no/~peter/pf/en/bruteforce.html
that might help.

cheers

bruce

On Mon, Jan 26, 2009 at 03:41:08PM -0600, Donald Lee wrote:
> [sorry for the OT]
> 
> I have an ssh annoyance - my logs are FULL of cracking attempts.  This is
> an externally visible server, so I can't simply shut off access.  They are
> trying lots of random accounts, and I'm not worried that they'll get in,
> but it's a pain, both because it generates huge logfiles, and also
> because it burns non-trivial CPU.
> 
> Does anyone know of an option/method to "throttle" incoming SSH requests.
> I would be more than happy to limit said requests to one every N seonds,
> where N is in the range of 5-10 (or more?)
> 
> I don't see anything in the docs or on the web that will allow me to
> do this.  I'm not anxious to write proxy software to do this. :-<
> 
> I figure this might be of general interest to anyone with an exposed
> server.
> 
> Thanks,
> 
> -dgl-

Follow-Ups:
- Re: [OT] SSH throttle - security
  - From: Dave Vollenweider

References:
- Re: MacPPC serial ports in 4.0.1 - not quite
  - From: Izumi Tsutsui
- [OT] SSH throttle - security
  - From: Donald Lee

Prev by Date: Re: Xorg and 5.0_BETA on Powerbook G4
Next by Date: Re: [OT] SSH throttle - security
Previous by Thread: Re: [OT] SSH throttle - security
Next by Thread: Re: [OT] SSH throttle - security
Indexes:

Home | Main Index | Thread Index | Old Index