Old 24th July 2009
chris

Oddly enough I did have both pf and ossec, a brute-force log analyser, running, but clearly this time the attack was larger than previous ones. Here's the pf rule I had; perhaps it was too lenient:
Code:
pass in log on $ext_if proto tcp from any to any port 22 keep state (source-track rule, max-src-states 40, max-src-conn 15, max-src-conn-rate 15/60)
Attached image: pfstat-packets_day.jpg
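
Added example, not part of the original post: the posted rule sets per-source limits but has no overload table, so a source that hits a limit only has the excess connection refused and is never blocked. A tighter variant is sketched below; the table name <ssh_abusers> and the thresholds 5 and 3/30 are assumptions chosen for illustration.

```conf
# Constructed example: tighter variant of the rule posted above.
# <ssh_abusers> and the thresholds 5 and 3/30 are assumptions, not values
# from the original post. Tune them to the legitimate login pattern.
table <ssh_abusers> persist

# Drop everything from sources that already tripped a limit. "quick" stops
# rule evaluation here, so the pass rule below is never reached for them.
block in log quick on $ext_if from <ssh_abusers>

# Rule as posted (limits only, the source itself is never penalised):
# pass in log on $ext_if proto tcp from any to any port 22 keep state (source-track rule, max-src-states 40, max-src-conn 15, max-src-conn-rate 15/60)

# Same per-source tracking plus overload. A source that exceeds
# max-src-conn or max-src-conn-rate is added to <ssh_abusers>, and
# "flush global" kills every state that source already holds on any rule.
# Both limits count connections that completed the TCP handshake, so
# spoofed SYNs cannot be used to get a third party's address blocked.
pass in log on $ext_if proto tcp from any to any port 22 keep state \
    (source-track rule, max-src-conn 5, max-src-conn-rate 3/30, \
     overload <ssh_abusers> flush global)
```

Blocked sources can be listed with `pfctl -t ssh_abusers -T show`, and entries older than a day removed with `pfctl -t ssh_abusers -T expire 86400`.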