NetBSD-Users archive


Re: help? fighting ssh user/password guessing attempts



On Wed, 15 Oct 2008 20:42:37 +0200
"Thomas Feddersen" <thomas.feddersen%t-online.de@localhost> wrote:
> [...]
> My research has brought up several programs / daemons that parse the
> authlog file at certain time intervals and adjust the firewall
> accordingly. Among them are fail2ban, denyhost, OSsec, and blockhosts.
>

You can also enable pf (the OpenBSD packet filter) and put the following
in your /etc/pf.conf file:

   ext_if = "wm0"     # placeholder: set to your external interface name

   table <ssh_blacklist> persist

   # sources in the table are dropped before any other rule is consulted
   block in quick from <ssh_blacklist>
   # more than 4 concurrent or 8 new connections per 10 s from one source
   # adds it to the table and flushes its existing states
   pass in on $ext_if inet proto tcp from any to any port ssh keep state \
      (max-src-conn 4, max-src-conn-rate 8/10, overload <ssh_blacklist> \
      flush global)

Adjust max-src-conn and max-src-conn-rate accordingly.  You might also
want to put the following in your crontab:

   @daily /sbin/pfctl -t ssh_blacklist -T expire 86400

to have older entries removed from the table.

Thomas
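The pf overload rule above only catches sources that open connections quickly; a guesser that stays under 8 attempts per 10 seconds never trips it. The log-parsing approach mentioned in the quoted message covers that gap, and the following is an added illustration of it (not code from this thread or from any of the tools named): it counts "Failed password" lines per source in sshd's authlog output and builds the pfctl command that feeds the same ssh_blacklist table. The log lines, the threshold of 5 and the addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample of sshd lines as written to /var/log/authlog.
# Addresses come from documentation ranges, not real hosts.
SAMPLE_AUTHLOG = """\
Oct 15 20:40:01 gw sshd[2311]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Oct 15 20:40:03 gw sshd[2311]: Failed password for invalid user admin from 192.0.2.10 port 51235 ssh2
Oct 15 20:40:07 gw sshd[2315]: Failed password for root from 192.0.2.10 port 51240 ssh2
Oct 15 20:40:12 gw sshd[2318]: Failed password for invalid user test from 192.0.2.10 port 51244 ssh2
Oct 15 20:40:20 gw sshd[2320]: Failed password for invalid user oracle from 192.0.2.10 port 51250 ssh2
Oct 15 20:41:02 gw sshd[2330]: Failed password for thomas from 198.51.100.7 port 40001 ssh2
Oct 15 20:41:30 gw sshd[2331]: Accepted publickey for thomas from 198.51.100.7 port 40002 ssh2
Oct 15 20:42:00 gw sshd[2340]: Failed password for invalid user guest from 203.0.113.5 port 33000 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..."
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def count_failures(log_text):
    """Return a Counter of failed-password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def offenders(counts, threshold=5):
    """Addresses with at least `threshold` failures (threshold is an assumption)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def pfctl_add_command(ips, table="ssh_blacklist"):
    """Build the pfctl argv that adds the offenders to the overload table,
    or None when there is nothing to add. The daily 'expire' cron job from
    the message above removes these entries again after a day."""
    if not ips:
        return None
    return ["/sbin/pfctl", "-t", table, "-T", "add"] + list(ips)

if __name__ == "__main__":
    counts = count_failures(SAMPLE_AUTHLOG)
    print(dict(counts))
    print(pfctl_add_command(offenders(counts)))
```

A legitimate user with one typo (198.51.100.7 here) stays below the threshold, which is the check a log-driven blocker needs that the pure rate rule does not offer.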

