Re: SSH scans vs connection ratelimiting



Lyndon Nerenberg wrote:
> Take a look at /usr/ports/security/bruteforceblocker. It monitors the system log for failed ssh logins, and blocks the sites via pf. It's reasonably configurable, and works very well. I've been running it for months without trouble.

I've written a similar script which worked okay for the most part. Probably not as fancy, but a la.

Point is, I'd prefer to:
1) Know why the attack still works although I'm ratelimiting to 3 connections per minute and MaxAuthTries is set to 3 (but if it was still the default value 6, it should've triggered, too)
2) Fix it at the root cause, probably OpenSSH?


--
Pieter

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"