> -----Urspr|ngliche Nachricht-----
> Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Im Auftrag von Charlie Clark
> Gesendet: Donnerstag, 6. November 2008 18:34
> An: misc
> Betreff: openbsd fail2ban
>
>
> Hi,
>
> I have noticed that people constantly try to brute force sshd on my
> openbsd box, on my server I use fail2ban to prevent this and
> wondered if
> there is a similar solution for openbsd.
>
> Regards,
>
> --
>
> Charlie Clark
> Network Engineer
>
> Lemon Computing Ltd
> Unit 9
> 26-28 Priests Bridge
> London
> SW14 8TA
> UK
>
> Tel: +44 208 878 2138
> Fax: +44 208 878 2163
> Email: [EMAIL PROTECTED]
> Site: http://www.lemon-computing.com/
>
> Lemon Computing is a limited company registered in England &
> Wales under Company No. 03697052
>
>
you can use pf, I think.
Put something like this in your pf.conf:
table <ssh-bruteforce>
block drop in log quick from <ssh-bruteforce> to any
pass in $log_pass_ext \
on $ext_if \
inet proto tcp \
from any \
to $ext_if port 22 \
flags S/SA \
keep state \
(max-src-conn-rate 3/30,overload <ssh-bruteforce> flush global)
and pf will move offending source ip to the bruteforce table and subsequently
drop these packet
