Hi, I'm trying to find a solution to brute-force attacks, mostly on port
22, without moving services to different ports.
I've tried something similar to this:
table <ssh-bruteforce> persist
block in quick from <ssh-bruteforce>
# more than 3 new connections in 30 s from one source puts it in the table
# and kills all of its existing states
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
flags S/SA keep state \
(max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
block drop in quick on $ext_if from <ssh-bruteforce>
but I get:
gate# pfctl -f /etc/pf.conf
/etc/pf.conf:48: illegal timeout name max-src-conn-rate
pfctl: Syntax error in config file: pf rules not loaded
Where do I go wrong?
egon.
---------------------------
kernel options:
# PF Support
options IPSEC
device pf
device pflog
device pfsync
options QUOTA
#ALTQ Support
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
------------------------------------
--
-----------------------------------------------------------------------------------------------
You are not your job.
You're not how much money you have in the bank.
You're not the car you drive.
You're not the contents of your wallet.
You're not your fucking khakis.
You are the all-singing, all-dancing crap of the world...
----------------------------------------------------------------------------------------------
http://www.015-bsd.org
info@015-bsd.org
-----------------------------------------------------------------------------------------------
On Tuesday 11 April 2006 18:28, Matteo 'egon' Baldi wrote:
> gate# pfctl -f /etc/pf.conf
> /etc/pf.conf:48: illegal timeout name max-src-conn-rate
> pfctl: Syntax error in config file: pf rules not loaded

Your version of FreeBSD is too old and has a version of pf that pre-dates this feature. I suggest an upgrade to RELENG_6 or wait until 6.1 comes out.

PS here is a page with how I do it.. http://www.gsoft.com.au/~doconnor/brute-force-mitigation.html (With a script to expire IPs from the table)

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
On Tue, Apr 11, 2006 at 10:58:48AM +0200, Matteo 'egon' Baldi wrote:
> Hi, I'm trying to find a solution to brute-force attacks, mostly on port 22, without
> moving services to different ports.

try to use /usr/ports/security/sshit

By.
Dmitriy
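As an added illustration, not pf's own code and not from anyone in this thread: a small Python model of what the rule in the first post does once a pf that understands max-src-conn-rate is running, together with the table expiry step Daniel mentions (pfctl -t ssh-bruteforce -T expire N). The 3/30 rate comes from the rule; the one-hour table lifetime is an assumed value, and the sliding window is a simplification of pf's moving-average approximation.

```python
from collections import defaultdict, deque


class BruteForceGuard:
    """Model of: keep state (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
    followed by a periodic 'pfctl -t ssh-bruteforce -T expire <seconds>' run from cron."""

    def __init__(self, max_conn=3, window=30, expire_after=3600):
        self.max_conn = max_conn            # the "3" in 3/30
        self.window = window                # the "30" in 3/30, seconds
        self.expire_after = expire_after    # assumed table-entry lifetime for the expire step
        self.attempts = defaultdict(deque)  # src -> timestamps of recent new connections
        self.states = defaultdict(int)      # src -> live state-table entries
        self.table = {}                     # <ssh-bruteforce>: src -> time it was added

    def new_connection(self, src, now):
        """Decide what happens to a new SYN from src at time `now` (seconds)."""
        if src in self.table:
            return "blocked"                # 'block in quick from <ssh-bruteforce>'
        recent = self.attempts[src]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # forget attempts outside the 30 s window
        if len(recent) > self.max_conn:     # more than 3 new connections in 30 s
            self.table[src] = now           # 'overload <ssh-bruteforce>'
            self.states[src] = 0            # 'flush global': kill every state from src
            recent.clear()
            return "overload"
        self.states[src] += 1
        return "pass"

    def expire(self, now):
        """Model of 'pfctl -t ssh-bruteforce -T expire N': drop entries older than N seconds."""
        stale = [src for src, t in self.table.items() if now - t >= self.expire_after]
        for src in stale:
            del self.table[src]
        return stale


if __name__ == "__main__":
    guard = BruteForceGuard()
    # Constructed sample: a scanner hammering sshd (203.0.113.5) and a slow legitimate client.
    for src, t in sorted([("203.0.113.5", t) for t in (0, 5, 10, 12, 13)]
                         + [("198.51.100.7", t) for t in (0, 40, 80)], key=lambda e: e[1]):
        print(f"t={t:>3}s {src:<14} {guard.new_connection(src, t)}")
```

A legitimate client that reconnects every few minutes never exceeds the rate, while the scanner's fourth connection inside the window lands it in the table until the expire run removes it.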