tech-net archive


Re: shutting out dictionary attacks on ssh passwords



On 06/27/11 23:38, Erik E. Fair wrote:
> For those of us with public IP addresses, what is the most popular
> and effective way to shut out the various door-knob turners who
> keep trying account/password combinations against ssh and other such
> services?
>
> I'm tired of spew on the consoles and log entries ... and I'd prefer
> to shut the door-knob turners out than silence the screaming daemons.
>
>         Erik<fair%netbsd.org@localhost>


I'm having fun with PF


table <sshscan> persist
block in quick inet from <sshscan> to any probability 75%
pass in quick inet proto tcp from any to any port ssh keep state (max-src-conn 10, max-src-conn-rate 3/60, overload <sshscan> flush)


--
Mihai
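
Added example (not part of the original message, and not PF code): a simplified Python model of the two rules above, run over constructed traffic, to show which sources end up in <sshscan>. The sliding-window count, the function names and the sample addresses are assumptions of the model; PF's own rate accounting differs in detail.

```python
import random
from collections import defaultdict, deque

def simulate(conns, limit=3, window=60, block_prob=0.75, seed=1):
    """Simplified model of the two rules above (not PF's exact accounting).

    conns: (time_in_seconds, source_ip) pairs sorted by time, one per new
    TCP connection attempt. Returns (sshscan, stats): sshscan maps each
    overloaded source to the time it was added, stats maps each source to
    its counts of passed and dropped attempts.
    """
    rng = random.Random(seed)            # fixed seed: repeatable runs
    recent = defaultdict(deque)          # per-source times seen by the pass rule
    sshscan = {}                         # stands in for table <sshscan>
    stats = defaultdict(lambda: {"passed": 0, "dropped": 0})
    for t, src in conns:
        # Rule 1: block in quick ... from <sshscan> ... probability 75%
        if src in sshscan and rng.random() < block_prob:
            stats[src]["dropped"] += 1
            continue
        # Rule 2: pass ... (max-src-conn-rate 3/60, overload <sshscan> flush)
        q = recent[src]
        while q and t - q[0] >= window:
            q.popleft()                  # forget attempts older than the window
        q.append(t)
        if len(q) > limit:               # assumption: the 4th connection trips it
            sshscan.setdefault(src, t)   # overload: source goes into the table
            stats[src]["dropped"] += 1   # flush: its states are killed
            continue
        stats[src]["passed"] += 1
    return sshscan, {src: dict(c) for src, c in stats.items()}

def sample_connections():
    """Constructed sample traffic using documentation address ranges."""
    scanner = [(2 * i, "203.0.113.7") for i in range(40)]      # one try every 2 s
    admin = [(10, "198.51.100.20"), (3700, "198.51.100.20")]   # two logins, an hour apart
    batch = [(100 + i, "192.0.2.50") for i in range(5)]        # 5 scp runs in 5 s
    return sorted(scanner + admin + batch)

if __name__ == "__main__":
    table, stats = simulate(sample_connections())
    for src in sorted(stats):
        print(src, stats[src], "in <sshscan>" if src in table else "")
```

The rule counts new connections, not failed logins, so the constructed batch of five scp runs is overloaded along with the scanner. With probability 75% a listed source still reaches the pass rule on roughly one attempt in four.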

