Re: Brute Force Detection + Advanced Firewall Policy
- From: Marian Hettwer <MH@xxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 22:28:13 +0100
Hi there,
Hadi Maleki wrote:
If you would update to a recent FreeBSD Release, you could probably use some nice pf(4) things...Any BFD/AFP softwares available for FreeBSD 4.10?
I recently stumbled over quite a nice pf.conf (see man pfctl for details), which blacklists for instance ssh connections if the occur to often in a certain amount of time.Im getting flooded with ssh and ftp attempts.
For Example:
# sshspammer table
table <sshspammer> persist
block log quick from <sshspammer>
# sshspammer
# more than 6 ssh attempts in 15 seconds will be blocked ;)
pass in quick on $ext_if proto tcp to ($ext_if) port ssh $tcp_flags (max-src-conn 10, max-src-conn-rate 6/15, overload <sshspammer> flush
global)
HTH, Marian _______________________________________________ freebsd-security@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- Brute Force Detection + Advanced Firewall Policy
- From: Hadi Maleki
- Brute Force Detection + Advanced Firewall Policy
- Prev by Date: Re: Brute Force Detection + Advanced Firewall Policy
- Next by Date: Re: Brute Force Detection + Advanced Firewall Policy
- Previous by thread: Brute Force Detection + Advanced Firewall Policy
- Next by thread: Brute Force Detection + Advanced Firewall Policy
- Index(es):
