Re: limiting brute force attacks

Michael P. Soulier wrote:
Hey people,

I've seen some efforts from the netfilter community on Linux to provide a
means to limit brute-force attacks via firewall rules. Can anyone suggest a
way to do the same on FreeBSD?

I'm primarily interested in limiting attacks on sshd. I already use RSA auth,
but I like defense-in-depth.

Hi Michael,

you can use pf firewall (probably others, too) to limit/refuse
incoming connections. Have a look at Niki Denev's post @stable:

http://lists.freebsd.org/pipermail/freebsd-stable/2006-February/022616.html

Regards,

Karol

--
Karol Kwiatkowski <freebsd at orchid dot homeunix dot org>
GPGKey: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc

Attachment: signature.asc
Description: OpenPGP digital signature

Relevant Pages

  • Re: Operation: "ipfw on a gateway box"
    ... >> I followed your advice and rewrote my firewall rules. ... I tried accesing the FreeBSD box from the 2 other computers ... I could acces the WWW, ftp, telnet and all the ...
    (freebsd-questions)
  • Operation: "ipfw on a gateway box"
    ... I followed your advice and rewrote my firewall rules. ... I can ping the FreeBSD box, but i cannot ping any outside ... > #Outside interface ... > #Divert all packets through the tunnel interface. ...
    (freebsd-questions)
  • Basic FreeBSD firewall and patching questions.
    ... My first question is about firewalls: I have read the FreeBSD handbook ... My second question is about updating the firewall rules: under Linux, ...
    (freebsd-questions)
  • Re: ipfw by MAC
    ... >> Does the latest version of FreeBSD allow you to create ipfw rules based ... >> on MAC address instead of IP? ... When I was switched to attbi.com, the DHCP lease period has been ... it means reworking the firewall rules with ...
    (FreeBSD-Security)
  • Re: limiting brute force attacks
    ... I've seen some efforts from the netfilter community on Linux to provide a ... means to limit brute-force attacks via firewall rules. ...
    (freebsd-questions)