Re: ssh brute force

From: Michael DeMan (michael_at_staff.openaccess.org)
Date: 07/21/05

    Date: Thu, 21 Jul 2005 04:15:18 -0700
    To: todor.dragnev@gmail.com
    
    

    An easier way to handle this is to simply set up some basic
    configurations for the subnets you will accept SSH from. With pf it's
    quite easy via the table structures, and with a little creativity and
    shell scripting, it's not that tough to get ipfw or ipfilter to do it
    either.

    One more step, just blocking port 22 from 61.0.0.0/8 helps
    tremendously. We got hammered with this stuff a few weeks ago, and
    despite my comments above, trying to fully automate dozens of machines
    is an on-going labor of love for us, and there are many that do not
    have the self-built firewall rules commented as 'protect myself'.

    Michael F. DeMan
    Director of Technology
    OpenAccess Network Services
    Bellingham, WA 98225
    michael@staff.openaccess.org
    360-647-0785

    On Jul 21, 2005, at 3:49 AM, Todor Dragnev wrote:

    > Thank you.
    >
    > On Thursday 21 July 2005 03:43, Chris Buechler wrote:
    >> On 7/20/05, Chris Jones <cdjones@novusordo.net> wrote:
    >>> I'm looking at having a script look at SSH's log output for repeated
    >>> failed connection attempts from the same address, and then blocking
    >>> that address through pf (I'm not yet sure whether I want to do it
    >>> temporarily or permanently).
    >>
    >> Matt Dillon wrote an app in C to do just that, with ipfw.
    >> http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html
    >>
    >> Scott Ullrich modified it to work with pf.
    >> http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c
    >>
    >> -Chris
    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
    >
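
The log-watching approach discussed in this thread, as an added example (not code from any poster and not the sshlockout programs linked above). The table name, the threshold, the sample log lines and the OpenSSH "Failed password ... from IP port N ssh2" line format are assumptions.

```shell
#!/bin/sh
# Added example: count failed sshd logins per source and print the pfctl
# commands that would add repeat offenders to a pf table.
# Assumed pf.conf rules (the table name is hypothetical):
#   table <ssh_block> persist
#   block in quick proto tcp from <ssh_block> to any port 22
THRESHOLD=3      # failures before an address is listed (assumed value)
TABLE=ssh_block  # hypothetical table name

# offenders: read sshd log lines on stdin, print sources at/over THRESHOLD.
# The address comes from the fixed tail "from IP port N ssh2", so a user
# name containing " from 192.0.2.1 port 22 " cannot get another host blocked.
offenders() {
    awk -v max="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= max) print ip }
    ' | sort
}

# block_cmds: print (not run) one pfctl table addition per offender.
block_cmds() {
    offenders | while read -r ip; do
        echo "pfctl -t $TABLE -T add $ip"
    done
}

# Constructed sample log using documentation addresses.
sample_log() {
    cat <<'EOF'
Jul 21 03:40:01 gw sshd[4101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Jul 21 03:40:03 gw sshd[4102]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Jul 21 03:40:05 gw sshd[4103]: Failed password for root from 203.0.113.5 port 4003 ssh2
Jul 21 03:41:00 gw sshd[4110]: Accepted password for bob from 192.0.2.10 port 5000 ssh2
Jul 21 03:42:00 gw sshd[4120]: Failed password for alice from 192.0.2.44 port 5100 ssh2
Jul 21 03:43:01 gw sshd[4131]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 198.51.100.7 port 4010 ssh2
Jul 21 03:43:02 gw sshd[4132]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 198.51.100.7 port 4011 ssh2
Jul 21 03:43:03 gw sshd[4133]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 198.51.100.7 port 4012 ssh2
EOF
}

# Run "sh thisfile demo" to see the commands for the sample log.
if [ "${1:-}" = "demo" ]; then sample_log | block_cmds; fi
```

To use it on real data, feed the sshd log to `block_cmds` on stdin and review the printed commands before running them, so a trusted subnet is never added to the table by mistake.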
