DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 7th January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 57
Thanked 0 Times in 0 Posts
Default Handling ssh login attempts with pf

Hello.

Since a couple of days my little router appearances a lot of connections to port 22 from a bunch of same hosts which my pf firewall correctly drops. How can I put those attemps automatically to a table "attackers"?

I had something like the following in mind. Is that possible?

Code:
table <attackers> persist

block in quick on $EXT from <attackers>

block in quick on $EXT from any to ($EXT:0) port 22 (max 1, overload <attackers> flush)
Obvious. The third rule does not work. But how can I accomplish something like that?
Reply With Quote
 

Tags
ssh brute force attack, ssh hammering, ssh login attempts, ssh probes

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
how to start X11 on login? Mantazz FreeBSD Ports and Packages 2 10th July 2009 07:27 PM
cannot login after installation ccc FreeBSD Installation and Upgrading 3 28th October 2008 11:54 AM
How can i login to my FreeBSD ?? ceramic FreeBSD Installation and Upgrading 4 28th July 2008 11:56 AM
How to set up ssh login cssgalactic FreeBSD General 12 28th June 2008 06:00 PM
DSL auto login Weaseal FreeBSD General 3 17th June 2008 03:26 PM


All times are GMT. The time now is 10:04 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick