Re: ssh brute force

From: Bob Martin (bob_at_buckhorn.net)
Date: 07/20/05

  • Next message: Chris Jones: "Re: ssh brute force"
    Date: Wed, 20 Jul 2005 12:36:22 -0500
    To: Buki <freebsd@dev.null.cz>
    
    

    Has no effect on these attacks. They only start one at a time.

    Bob Martin

    Buki wrote:

    > On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote:
    >
    >>Hello,
    >
    >
    > Hi,
    >
    >
    >>This email may not be for this mailing list, but more and more ISPs
    >>have trouble with this problem. I want to block ssh dictionary attacks
    >>with FreeBSD. I found a nice solution with iptables for Linux:
    >>
    >>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK
    >>FIN,ACK --dport 22 -m recent --name sshattack --set
    >>
    >>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST
    >>--dport 22 -m recent --name sshattack --set
    >>
    >>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60
    >>--hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: '
    >>
    >>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60
    >>--hitcount 4 -j DROP
    >>
    >>Is it possible to do it this way with ipfw, ipf or pf on FreeBSD?
    >
    >
    > What about the MaxStartups option in sshd_config?
    >
    >
    >>Regards,
    >>Todor Dragnev
    >>--
    >>There are no answers, only cross references
    >>_______________________________________________
    >>freebsd-isp@freebsd.org mailing list
    >>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    >>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
    >
    >
    > Buki
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
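
The point made in the reply, replayed as an added Python example (not part of the thread or any poster's code): MaxStartups counts connections open at the same time, while the quoted `recent` rules count closed port-22 connections per source within 60 seconds. The sample sessions, the addresses, the MaxStartups value of 10, one hit per closed connection, and treating every connection as unauthenticated for its whole life (which only overstates what MaxStartups sees) are assumptions.

```python
from collections import defaultdict, deque

WINDOW, HITCOUNT = 60, 4   # --seconds 60 --hitcount 4 from the quoted rules
MAX_STARTUPS = 10          # assumed sshd_config value (the usual default)
CLOSE, OPEN = 0, 1         # closes sort before opens at the same second

def timeline(sessions):
    """Turn (src, start, end) tuples into time-ordered open/close events."""
    ev = [(s[1], OPEN, i) for i, s in enumerate(sessions)]
    ev += [(s[2], CLOSE, i) for i, s in enumerate(sessions)]
    return sorted(ev)

def peak_concurrent(sessions):
    """Most connections open at once: the only number MaxStartups looks at."""
    peak = cur = 0
    for _t, kind, _i in timeline(sessions):
        cur += 1 if kind == OPEN else -1
        peak = max(peak, cur)
    return peak

def recent_drops(sessions):
    """Replay the 'recent' rules; return {src: [start times of dropped connections]}."""
    hits, dropped, out = defaultdict(deque), set(), defaultdict(list)
    for t, kind, i in timeline(sessions):
        src = sessions[i][0]
        q = hits[src]
        while q and t - q[0] > WINDOW:      # hits older than 60 s no longer count
            q.popleft()
        if kind == OPEN and len(q) >= HITCOUNT:
            dropped.add(i)                  # --rcheck matched: DROP
            out[src].append(t)
        elif kind == CLOSE and i not in dropped:
            q.append(t)                     # FIN/RST on port 22: --set
    return dict(out)

# Constructed sample: one source retrying every 4 s, one connection at a time,
# plus a single unrelated login. Addresses are documentation ranges.
ATTACKER, ADMIN = "203.0.113.5", "198.51.100.7"
SAMPLE = [(ATTACKER, 4 * n, 4 * n + 3) for n in range(20)] + [(ADMIN, 10, 12)]

if __name__ == "__main__":
    print("peak concurrent:", peak_concurrent(SAMPLE), "of", MAX_STARTUPS)
    for src, times in recent_drops(SAMPLE).items():
        print(src, "dropped", len(times), "times, first at t =", times[0])
```

Because `--rcheck` does not refresh the entry, the replay also shows the source being let back in once its old hits age out of the 60-second window.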

