SSH defence
-
Hi
Yestaday i found in my log this (3 hours spam)... Nov 23 21:23:35 sshd[73470]: Failed password for invalid user tokyo from 218.108.93.133 port 54308 ssh2 Nov 23 21:23:35 sshd[73470]: Invalid user tokyo from 218.108.93.133 Nov 23 21:23:31 sshd[73370]: Failed password for invalid user tokyo from 218.108.93.133 port 54192 ssh2 Nov 23 21:23:31 sshd[73370]: Invalid user tokyo from 218.108.93.133 Nov 23 21:23:27 sshd[73273]: Failed password for invalid user tokyo from 218.108.93.133 port 54084 ssh2 ...Exists SSH defense for blocked sender IP after 3-5 errors?
-
Simplest approach is to move SSH to a non-standard port.
-
This was discussed at length not long ago in this thread.
http://forum.pfsense.org/index.php/topic,6462.0.htmlSSH is encrypted, pfSense can't tell the difference between failed and successful logins. You need host controls for this. See the linked thread for some good recommendations.
-
Thanks for replay
-
I restrict the access time with a schedule for the rule. Plus for the rule advanced options I limit the maximum new connections per x seconds. Granted this will only work if SSH isn't used by many people at once.
-
I restrict the access time with a schedule for the rule. Plus for the rule advanced options I limit the maximum new connections per x seconds. Granted this will only work if SSH isn't used by many people at once.
Exellent. This good way too.
Thanks.
-
it runs great for a long time!
-
I've used denyhosts before (although not on pfSense)
http://denyhosts.sourceforge.net/
It's a python script daemon, so I'm not exactly sure what'd be the best bet:
rewrite in php?
rewrite in C?
make a python package for pfSense?Not that I'm volunteering for any of these options!
Cheers,
Littlejohn
-
Denyhost is available thru pkg_add
just note that the package may not install all dependencies - just read the message after the install
using it with pfsense and works fine