Kennith Mann III wrote:
> ...
> While moving the SSH port doesn't help much against anyone running an
> nmap scan, it stops blind port 22 scans that run generic password
> hacks and filling your logs with crap,
Overloads help a bit:
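
    # At most 4 concurrent and 2 new connections per 60 seconds per source;
    # offenders are added to <bruteforce> and their states are flushed.
    pass in on $ext_if proto tcp to ($ext_if) port ssh \
        flags S/SA keep state (max-src-conn 4, \
        max-src-conn-rate 2/60, overload <bruteforce> \
        flush global)
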
Regarding the logs, one thing that worked in the past was giving the
netblock owner a hard time. It's their responsibility. It's not too
hard to make up a shell script (or use another scripting language) which
automates a daily report and the complaint.
Regards,
-Lars
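
The daily report mentioned above could look like the following. This is an added example, not part of the original post and not Lars's script. It assumes OpenSSH-style log lines ending in "from ADDR port N ssh2"; the function names are hypothetical and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example: daily summary of failed SSH logins per source address.

# Constructed sample of sshd log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
Mar  3 02:11:09 gw sshd[4021]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 02:11:11 gw sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar  3 02:11:14 gw sshd[4025]: Failed password for invalid user from from 203.0.113.5 port 51240 ssh2
Mar  3 04:40:02 gw sshd[4290]: Accepted publickey for lars from 192.0.2.10 port 50112 ssh2
Mar  3 05:02:57 gw sshd[4377]: Failed password for root from 198.51.100.7 port 40022 ssh2
EOF
}

# awk test for a failed-login line. The user name is chosen by the remote
# side, so the address is taken by position from the END of the line
# ("... from ADDR port N ssh2"), never by searching for the word "from".
FAILED='NF >= 5 && /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port"'

# stdin: log lines; stdout: "count address", busiest source first.
failed_by_source() {
    awk "$FAILED"' { n[$(NF-3)]++ } END { for (a in n) print n[a], a }' |
        sort -k1,1nr -k2,2
}

# $1 = address, $2 = log file; stdout: complaint text with the evidence lines.
complaint_for() {
    printf 'Failed SSH logins from %s, log excerpt follows:\n' "$1"
    awk -v addr="$1" "$FAILED"' && $(NF-3) == addr' "$2"
}

# $1 = log file, $2 = minimum failures; one complaint per noisy source.
daily_report() {
    failed_by_source < "$1" | while read -r count addr; do
        if [ "$count" -ge "$2" ]; then complaint_for "$addr" "$1"; echo; fi
    done
}
```

Run from cron as daily_report LOGFILE 3 and mail each block to the abuse contact of the netblock concerned.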