Handling ssh login attempts with pf
Since a couple of days my little router appearances a lot of connections to port 22 from a bunch of same hosts which my pf firewall correctly drops. How can I put those attemps automatically to a table "attackers"?
I had something like the following in mind. Is that possible?
table <attackers> persist block in quick on $EXT from <attackers> block in quick on $EXT from any to ($EXT:0) port 22 (max 1, overload <attackers> flush)
|ssh brute force attack, ssh hammering, ssh login attempts, ssh probes|
|Thread||Thread Starter||Forum||Replies||Last Post|
|how to start X11 on login?||Mantazz||FreeBSD Ports and Packages||2||10th July 2009 07:27 PM|
|cannot login after installation||ccc||FreeBSD Installation and Upgrading||3||28th October 2008 11:54 AM|
|How can i login to my FreeBSD ??||ceramic||FreeBSD Installation and Upgrading||4||28th July 2008 11:56 AM|
|How to set up ssh login||cssgalactic||FreeBSD General||12||28th June 2008 06:00 PM|
|DSL auto login||Weaseal||FreeBSD General||3||17th June 2008 03:26 PM|